Lucene search
+L

263 matches found

Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57740 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-57768

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS6.1AI score0.00226EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.10 views

Kibana 7.x < 7.17.15 / 8.x < 8.11.1 Log Injection (ESA-2026-53)

The version of Kibana installed on the remote host is 7.x prior to 7.17.15 or 8.x prior to 8.11.1. It is, therefore, affected by a log injection vulnerability: - Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection. An attacker can supply specially crafted input tha...

8CVSS6.2AI score0.00201EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.14 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS software allow an unauthenticated attacker with...

8.7CVSS7AI score0.00587EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/07 11:9 a.m.9 views

Important: Red Hat Security Advisory: RHACS 4.11.1 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

10CVSS5.9AI score0.00813EPSS
Exploits1References14
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-48867

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.1.2 versions...

7.1CVSS0.00175EPSS
Exploits1References1
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-40762

Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...

7.5CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-39468

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...

6.8CVSS0.00355EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.9 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS software allows an...

6.9CVSS5.5AI score0.00224EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 4:5 p.m.3 views

CVE-2026-49847 FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

7.5CVSS5.9AI score0.00414EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 4:2 p.m.34 views

CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

7.5CVSS0.00449EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 8:29 p.m.15 views

EUVD-2026-32922

TinyMCE Cross-Site Scripting XSS vulnerability using media plugin data-mce-object injection...

8.7CVSS5.4AI score0.00264EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-27644

Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...

6.5CVSS5.6AI score0.00228EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/06/03 10:5 a.m.8 views

WordPress Quiz And Survey Master plugin <= 11.1.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by endy in WordPress Plugin Quiz And Survey Master versions = 11.1.2...

7.1CVSS5.5AI score0.00175EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/05/28 4:16 p.m.25 views

UBUNTU-CVE-2026-47759

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce- attributes data-mce-href, data-mce-src, data-mce-style. Allows attackers to inject malicious values that override safe attributes during serialization,...

8.7CVSS5.8AI score0.00281EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:21 p.m.17 views

CVE-2026-47762

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 3:21 p.m.14 views

CVE-2026-47762 TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments

TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and inject scripts that execute when content is restored. Impacts users who utilize the protect option. Thi...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 3:20 p.m.55 views

CVE-2026-47761

Summary: CVE-2026-47761 is a stored XSS vulnerability in TinyMCE’s media plugin, triggered by crafted data-mce-* attributes during content rendering. Affected software: TinyMCE (open source rich text editor); affected version range prior to 5.11.1, 7.9.3, and 8.5.1. Root cause/Vector: Media plugi...

8.7CVSS5.8AI score0.00264EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44391

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 5.11.1 TinyMCE versions prior to 7.9.3 TinyMCE versions prior to 8.5.1 Description A stored Cross-Site Scripting XSS issue exists via forged mce:protected comments. This allows attackers to bypass sanitization and...

8.7CVSS5.9AI score0.00281EPSS
Exploits0References13
OSV
OSV
added 2026/05/18 1:53 p.m.2 views

CLEANSTART-2026-YZ90223 Security fixes for CVE-2026-27141, CVE-2026-32285, CVE-2026-32952, CVE-2026-33186, CVE-2026-33762, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-35469, CVE-2026-39883, ghsa-3xc5-wrhm-f963, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-gm2x-2g9h-ccm8, ghsa-hfvc-g4fc-pqhx, ghsa-jhf3-xxhw-2wpp, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2, ghsa-pjcq-xvwq-hhpj, ghsa-xmrv-pmrh-hhx2 applied in versions: 18.11.1-r0

Multiple security vulnerabilities affect the gitlab-runner package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.08123EPSS
Exploits4References31
Rows per page
Query Builder