Lucene search
K

1460 matches found

NVD
NVD
added 2026/07/03 6:16 a.m.8 views

CVE-2026-14352

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00473EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/03 4:30 a.m.8 views

CVE-2026-14352

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/03 4:30 a.m.7 views

EUVD-2026-41485

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References7
NVD
NVD
added 2026/07/03 2:16 a.m.10 views

CVE-2026-14327

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00459EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/03 1:28 a.m.10 views

EUVD-2026-41471

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00459EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 1:28 a.m.10 views

CVE-2026-14327

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00459EPSS
Exploits0References7
CVE
CVE
added 2026/07/03 1:28 a.m.22 views

CVE-2026-14327

The AR for WordPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to and including 8.40 via the 'file' parameter. Unauthenticated attackers can read arbitrary server files. Exploitation requires obtaining a valid nonce via ar_get_fresh_nonce and ar_process_user_ima...

7.5CVSS5.9AI score0.00459EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.18 views

PT-2026-55444

Name of the Vulnerable Software and Affected Versions AR for WordPress versions prior to 8.41 Description An unauthenticated directory traversal flaw exists in the file handling logic of the plugin. The issue occurs when the public AJAX functionality accepts a user-controlled file parameter witho...

7.5CVSS6AI score0.00459EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55496

Name of the Vulnerable Software and Affected Versions AR for WooCommerce versions prior to 8.41 Description The plugin is subject to Directory Traversal, allowing unauthenticated attackers to read arbitrary files on the server that may contain sensitive information. This is possible via the file...

7.5CVSS6AI score0.00473EPSS
Exploits0References11
CVE
CVE
added 2026/06/30 7:11 p.m.25 views

CVE-2026-7874

CVE-2026-7874 affects IBM Langflow OSS 1.0.0–1.10.0. The root cause is a weak and reversible key derivation mechanism used for at-rest encryption, which could allow an attacker to disclose all stored credentials (API keys, database passwords, OAuth tokens) if the encryption keys are compromised o...

9.1CVSS5.8AI score0.00164EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/30 4:15 p.m.8 views

EUVD-2022-52713

RabbitMQ has predictable credential obfuscation seed value used in Shovel and Federation plugins...

7.5CVSS7.1AI score0.00307EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-570 web2py remote code execution via hardcoded encryption key in session.connect function

The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function...

9.8CVSS7.2AI score0.0499EPSS
Exploits2References9
NVD
NVD
added 2026/06/25 6:16 p.m.7 views

CVE-2026-6291

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6.5CVSS0.00152EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 4:41 p.m.30 views

CVE-2026-6291 Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6CVSS0.00152EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 4:41 p.m.16 views

CVE-2026-6291

CVE-2026-6291 affects wolfSSL (v4.0) and describes a Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption used for EnvelopedData. The vulnerability arises because error codes differed between RSA padding validation failure and malformed decrypted content, enabling an attacker t...

6.5CVSS5.9AI score0.00152EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/25 4:41 p.m.6 views

EUVD-2026-39482

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6CVSS5.9AI score0.00152EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:41 p.m.3 views

CVE-2026-6291

Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable error codes depending on whether RSA padding validation failed versus whether the decrypted content was malformed. An attacker able to...

6CVSS5.9AI score0.00152EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: A missing check for the encryption key size was fixed in the L2CAPLEConnREQ. This addition ensures that the encryption key size is checked upon receiving the L2CAPLEConnREQ, which is required by...

8.1CVSS5.7AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38658

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 6:18 p.m.15 views

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

5.4CVSS0.00146EPSS
Exploits1References4
Rows per page
Query Builder