Lucene search
K

23533 matches found

CVE
CVE
added yesterday9 views

CVE-2026-58102

Crypt::OpenSSL::X509 for Perl prior to 2.1.3 is vulnerable to a heap out-of-bounds read in the hv_exts code path. When building the extension hash (via extensions(), extensions_by_long_name(), extensions_by_oid(), or has_extension_oid()), the code uses OBJ_obj2txt()’s return value as the hash-key...

6.2AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-49972

CVE-2026-49972 affects Laravel-Mediable prior to 7.0.0. A file upload vulnerability enables unauthenticated remote code execution via a double extension (e.g., shell.php.jpg). The attacker relies on PATHINFO_FILENAME preserving the inner .php extension in the base name, and on misconfigured serve...

8.8CVSS6.5AI score
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-57380

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...

7.1CVSS0.00251EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added yesterday4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

5.5CVSS6.2AI score0.00132EPSS
Exploits0References7
EUVD
EUVD
added yesterday4 views

EUVD-2026-43303

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion...

8.8CVSS6.2AI score0.00239EPSS
Exploits1References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43302

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS...

8.7CVSS6.1AI score0.00258EPSS
Exploits1References2
Cvelist
Cvelist
added yesterday6 views

CVE-2026-57380 WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through = 5.1...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-57829

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS...

8.7CVSS0.00258EPSS
Exploits1References1
CVE
CVE
added yesterday10 views

CVE-2026-57829

The CVE concerns the Joomla extension Helix Ultimate (vulnerable component: the Helix Ultimate plugin) with an unauthenticated stored XSS in versions prior to 2.2.7. According to the shared metrics, the vulnerability has a CVSS 4.0 base score of 8.7 (HIGH) with network access, low attack complexi...

8.7CVSS6.1AI score0.00258EPSS
Exploits1References1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-57829 Joomla Extension - joomshaper.com - Unauthenticated stored XSS in Helix Ultimate < 2.2.7

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated stored XSS...

8.7CVSS0.00258EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday92 views

WordPress Simple File List <=4.2.2 - Remote Code Execution

An unrestricted file upload vulnerability in the WordPress Simple File List plugin before version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint ee-upload-engine.php restricts file uploads based on extension, but lacks proper validatio...

6.3AI score
Exploits9References3
Nuclei
Nuclei
added yesterday56 views

Lightdash version <= 0.510.3 Arbitrary File Read

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension .csv or .png is used. id: CVE-2023-35844 info: name: Lightdash version = 0.510.3 Arbitrary File Read author: dwisiswant0...

7.5CVSS7AI score0.06344EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday13 views

XWiki Platform Distribution Flavor Main - Cross-Site Scripting

XWiki Platform Distribution Flavor Main versions prior to 17.6.0 are vulnerable to reflected cross-site scripting XSS due to improper sanitization of user-supplied input in the extensionId parameter. An attacker can exploit this issue by injecting malicious JavaScript, which will be executed in t...

6.5CVSS6.9AI score0.00503EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday86 views

Suprema BioStar <2.8.2 - Local File Inclusion

Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...

7.5CVSS7.1AI score0.50734EPSS
Exploits4References4
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-57827 Joomla Extension - rsjoomla.com - Unauthenticated file upload in RSFiles component < 1.17.12

The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS0.00287EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-43167

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...

9CVSS6.1AI score0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-57828 Joomla Extension - phoca.cz - Authenticated file upload in RSFiles component < 6.1.3

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE...

9CVSS0.00256EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-2354

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...

8.8CVSS0.00553EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43133

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...

8.8CVSS6.5AI score0.00553EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-2354 Swiss Toolkit For WP <= 1.4.6 - Authenticated (Author+) Arbitrary File Upload via upload_extension_files()

The Swiss Toolkit For WP plugin for WordPress is vulnerable to arbitrary file upload due to a flawed file type validation bypass in the uploadextensionfiles function in all versions up to, and including, 1.4.6. The uploadextensionfiles function hooks into WordPress's wpcheckfiletypeandext filter...

8.8CVSS0.00553EPSS
Exploits0References5
Rows per page
Query Builder