Lucene search
K

1990 matches found

Microsoft CVE
Microsoft CVE
added 4 days ago3 views

NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled

...

7.5CVSS6.1AI score0.00593EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.12 views

PT-2026-56149

Name of the Vulnerable Software and Affected Versions WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell versions prior to 3.12.8 Description Unauthenticated attackers can achieve Remote Code Execution by sending unsanitized values through the postData parameter. The plug...

9.8CVSS6.2AI score0.00745EPSS
Exploits0References17
NVD
NVD
added 2026/07/01 6:16 p.m.11 views

CVE-2026-57722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 5:7 p.m.37 views

CVE-2026-57722 WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS0.00148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:7 p.m.7 views

CVE-2026-57722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 5:7 p.m.16 views

CVE-2026-57722

The CVE-2026-57722 entry concerns the WordPress plugin Enable Media Replace (versions up to and including 4.2.1). The vulnerability is described as a Stored Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. Affected component: the Enable Media Repla...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 5:7 p.m.8 views

EUVD-2026-41096

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ShortPixel Enable Media Replace allows Stored XSS. This issue affects Enable Media Replace: from n/a through 4.2.1...

5.9CVSS5.8AI score0.00148EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/01 5:6 p.m.6 views

WordPress Enable Media Replace plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Enable Media Replace versions = 4.2.1...

5.9CVSS5.8AI score0.00148EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54889

Name of the Vulnerable Software and Affected Versions ShortPixel Enable Media Replace versions prior to 4.2.1 Description Improper neutralization of input during web page generation leads to a Stored Cross-site Scripting XSS issue. Stored XSS occurs when an application receives data from a user a...

5.9CVSS5.7AI score0.00148EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-465 PraisonAI `deploy --type api` emits a Flask server with authentication disabled by default

Summary CVE-2026-44338 GHSA-6rmh-7xcm-cpxj documents that PraisonAI ships a code-generator praisonai.deploy.api.generateapiservercode that emits a Flask API server with authentication disabled by default. Users who follow the documented quickstart praisonai deploy --type api get a server that: -...

9.8CVSS6AI score0.0008EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-424 Mlflow: Command Injection when serving models with enable_mlserver=True

A command injection vulnerability exists in Mlflow when serving a model with enablemlserver=True. The modeluri is embedded directly into a shell command executed via bash -c without proper sanitization. If the modeluri contains shell metacharacters, such as $ or backticks, it allows for command...

9.6CVSS7.4AI score0.01328EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/06/29 10:39 a.m.8 views

CVE-2026-53322

A flaw was found in the Linux kernel's vfio/pci subsystem. During device shutdown, an improper order of operations in cleaning up Direct Memory Access Buffers DMABUFs before disabling the function creates a brief window. In this window, a device's Base Address Registers BARs could still be access...

8.8CVSS5.7AI score0.00182EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-47242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAPid is called with a hash...

5.8CVSS6AI score0.00131EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:17 p.m.5 views

UBUNTU-CVE-2026-53319

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...

5.5CVSS5.8AI score0.001EPSS
Exploits0References5
CVE
CVE
added 2026/06/26 7:41 p.m.17 views

CVE-2026-53319

Mode C: Normal (details available) CVE-2026-53319 affects the Linux kernel block writeback throttling (blk-wbt) code. The issue arises in wbt_init_enable_default(), which previously used WARN_ON_ONCE to report failures from wbt_alloc() and wbt_init(). These failure paths are expected: wbt_alloc()...

5.5CVSS5.8AI score0.001EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-54833

Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...

7.4CVSS0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-54833 WordPress Enable CORS plugin <= 2.0.3 - Backdoor vulnerability

Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...

7.4CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.18 views

CVE-2026-54833

CVE-2026-54833 concerns the WordPress Enable CORS plugin

7.4CVSS5.8AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.5 views

EUVD-2026-39677

Unauthenticated Backdoor in Enable CORS = 2.0.3 versions...

7.4CVSS5.8AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 8:40 p.m.10 views

MAL-2026-6474 Malicious code in ref-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1 On npm install, the package's postinstall hook runs node test.js which invokes index.js to perform multi-stage installer compromise. 1 Credential...

5.8AI score
Exploits0References2
Rows per page
Query Builder