Lucene search
K

5020 matches found

NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-39507

Unauthenticated Cross Site Scripting XSS in Social Slider Feed = 2.3.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.6 views

CVE-2026-39434

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

7.2CVSS0.00446EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.6 views

CVE-2026-39441

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

9.3CVSS0.00283EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/15 8:46 p.m.8 views

Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/15 8:17 p.m.12 views

CVE-2026-39507

The CVE-2026-39507 entry refers to the WordPress Social Slider Feed plugin, affected in versions <= 2.3.2, with an unauthenticated Cross Site Scripting (XSS) vulnerability. The issue is described as unauthenticated XSS in Social Slider Feed

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.27 views

CVE-2026-39507 WordPress Social Slider Feed plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Social Slider Feed = 2.3.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.29 views

CVE-2026-39441 WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

9.3CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.24 views

CVE-2026-39441

CVE-2026-39441 affects the WordPress plugin Feed KuantoKusta for WooCommerce – Free, version

9.3CVSS5.7AI score0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.26 views

CVE-2026-39434 WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

7.2CVSS0.00446EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.15 views

CVE-2026-39434

CVE-2026-39434 affects WordPress CTX Feed plugin (WebAppick CTX Feed) versions

7.2CVSS5.3AI score0.00446EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 8:7 p.m.5 views

GHSA-M6QW-4CW2-HM4M aiohttp: CRLF injection in multipart headers

Summary Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. Impact In the unlikely situation that an application is passing user-controlled strings into MultipartWriter.appendheaders=... or Payload.headers, the...

6.9CVSS5.4AI score0.00301EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 5:26 p.m.31 views

GHSA-HMW2-7CC7-3QXX form-data: CRLF injection in form-data via unescaped multipart field names and filenames

Summary form-data builds multipart/form-data request bodies. Through v4.0.5, the field name passed to FormDataappend and the filename option are concatenated directly into the Content-Disposition header with no escaping of CR \r, LF \n, or ". An application that uses untrusted input as a field na...

8.7CVSS5.5AI score0.00409EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49371

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free = 5.3 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.7 views

PT-2026-49369

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 12:0 a.m.5 views

UBUNTU-CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS5.5AI score0.00313EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.7 views

PT-2026-49389

Unauthenticated Cross Site Scripting XSS in Social Slider Feed = 2.3.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 8:16 p.m.9 views

CVE-2026-42850

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the terminal with CRLF, as su...

8.8CVSS0.00287EPSS
Exploits1References1
OSV
OSV
added 2026/06/12 7:16 p.m.8 views

DEBIAN-CVE-2026-12143

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS5.4AI score0.00409EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 7:16 p.m.28 views

CVE-2026-12143

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS0.00409EPSS
Exploits0References19
OSV
OSV
added 2026/06/12 7:16 p.m.4 views

UBUNTU-CVE-2026-12143

form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the field argument to FormDataappend and the filename option are concatenated verbatim into the Content-Disposition header without escaping carriage return CR, line feed LF, or double-quote "...

8.7CVSS5.4AI score0.00409EPSS
Exploits0References9
Rows per page
Query Builder