Lucene search
+L

3408 matches found

Nuclei
Nuclei
added 7 hours ago21 views

Formidable Form Builder < 2.05.03 - Unauthenticated Information Disclosure

The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frmformspreview AJAX action. This makes it possible for unauthenticated attackers to export all of the form entries for a given form. id: CVE-2017-20194 info...

5.3CVSS5.3AI score0.01098EPSS
Exploits1References3
Nuclei
Nuclei
added 7 hours ago51 views

Contact Form Entries < 1.2.4 - Cross-Site Scripting

The plugin does not sanitise and escape various parameters, such as formid, status, enddate, order, orderby and search before outputting them back in the admin page id: CVE-2021-25079 info: name: Contact Form Entries 1.2.4 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | The...

6.1CVSS6.2AI score0.0682EPSS
Exploits4References4
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-45535 DataEase: Stored SQL Injection Vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as $var and SqlparserUtils.handleVariableDefaultValue inserts them with String.replace without escaping or parameterizatio...

8.7CVSS0.00248EPSS
Exploits0References3
Rockylinux
Rockylinux
added 3 days ago5 views

yggdrasil security update

An update is available for yggdrasil. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list yggdrasil is a system daemon that subscribes to topics on an MQTT broker a...

9.6CVSS6.5AI score0.00939EPSS
Exploits0
CVE
CVE
added 4 days ago11 views

CVE-2026-54684

CVE-2026-54684 — jadx (Dex to Java decompiler) Affected versions: 1.5.2 to 1.5.5. The vulnerability arises when processing a malicious .xapk file: XApkLoader resolves each entry name directly with tmpDir.resolve(fileName) after a CWD-based ZIP security check, allowing an attacker to write archive...

7CVSS6.2AI score0.00133EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-54684 jadx: XAPK archive entries with absolute paths can plant drop-in plugins and achieve code execution on the next jadx run

jadx is a Dex to Java decompiler. From 1.5.2 to 1.5.5, a malicious .xapk file can cause jadx to write attacker-controlled archive entry contents outside the intended XAPK plugin temporary unpack directory because XApkLoader resolves each entry name directly with tmpDir.resolvefileName after a...

7CVSS0.00133EPSS
Exploits0References3
OSV
OSV
added 4 days ago6 views

CVE-2026-48816 sigstore-js: Insufficient Verification of Data Authenticity

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tlogEntries.integratedTime for bundle v0.2 inclusionProof-only entries even though the inclusion proof path does not cryptographically bind...

6.5CVSS6.1AI score0.00158EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago9 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS6.9AI score0.00939EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 5 days ago7 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS6.1AI score0.00939EPSS
Exploits0References8
NVD
NVD
added 5 days ago3 views

CVE-2026-57708

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-57708

Affected product/versions: WordPress WordPress plugin “Contact Form Entries” (contact-form-entries)

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-57708 WordPress Contact Form Entries plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CRM Perks Contact Form Entries contact-form-entries allows Reflected XSS.This issue affects Contact Form Entries: from n/a through = 1.5.2...

7.1CVSS0.0018EPSS
Exploits0References1
NVD
NVD
added 2026/07/11 7:16 a.m.7 views

CVE-2026-9017

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00273EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/11 6:50 a.m.35 views

CVE-2026-9017 NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Arbitrary Form Entry Modification via nf_send_nf_email AJAX Action

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00273EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/11 6:50 a.m.10 views

EUVD-2026-43163

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References8
OSV
OSV
added 2026/07/11 4:13 a.m.2 views

JLSEC-2026-663 libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize...

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS6.7AI score0.0028EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/10 10:25 a.m.9 views

CVE-2026-59876

A flaw was found in protobufjs. The Text Format extension, responsible for compiling protobuf definitions into JavaScript functions, improperly parsed string-keyed map entries. This allowed a specially crafted map entry with the key proto to modify the prototype of the returned map object. An...

4.8CVSS6AI score0.00219EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/07/10 5:22 a.m.6 views

WordPress Contact Form Entries plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin Contact Form Entries versions = 1.5.2...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/09 7:22 a.m.7 views

CVE-2026-31984

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...

8.7CVSS6AI score0.00274EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-14454

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as...

9.8CVSS6.2AI score0.00394EPSS
Exploits0References3
Rows per page
Query Builder