Lucene search
K

3761 matches found

Cvelist
Cvelist
added yesterday10 views

CVE-2026-57379 WordPress FormyChat plugin <= 2.15.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL FormyChat social-contact-form allows Stored XSS.This issue affects FormyChat: from n/a through = 2.15.3...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-58503

Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the resetpassword endpoint. This issue is fixed in versions 16.16.0 and 15.106.0...

6.9CVSS0.00354EPSS
Exploits0References7
NVD
NVD
added 4 days ago6 views

CVE-2026-57584

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the nested quantifier /., and the same construct is produced by the /:params placeholder and the CLI...

8.7CVSS0.00419EPSS
Exploits0References4
NVD
NVD
added 4 days ago4 views

CVE-2026-55881

OpenReplay is a self-hosted session replay suite. From 1.22.0 before 1.27.0, getFirstMob returned 15-second presigned S3 download URLs for a session's DOM-replay recording based solely on the session path parameter, while validateProjectAccess checked only that the project belonged to the...

7.1CVSS0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-57584 Phalcon: Catastrophic backtracking (ReDoS) in the default Phalcon Router route lead to remote unauthenticated DoS

Phalcon is a high-performance, full-stack PHP framework. Prior to 5.15.0, every Phalcon MVC application built with a default router registers a built-in route whose compiled PCRE pattern contains the nested quantifier /., and the same construct is produced by the /:params placeholder and the CLI...

8.7CVSS0.00419EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-56667

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...

7.3CVSS0.00225EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-55670

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42964

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...

7.3CVSS6.2AI score0.00225EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-55670 ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42977

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS6.1AI score0.00286EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Kibana 7.x < 7.17.15 / 8.x < 8.11.1 Log Injection (ESA-2026-53)

The version of Kibana installed on the remote host is 7.x prior to 7.17.15 or 8.x prior to 8.11.1. It is, therefore, affected by a log injection vulnerability: - Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection. An attacker can supply specially crafted input tha...

8CVSS6.2AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57334

Name of the Vulnerable Software and Affected Versions Frappe versions prior to 16.16.0 Frappe versions prior to 15.106.0 Description User enumeration is possible through the 'reset password' endpoint. User enumeration is a technique used to verify if a specific user exists within a system by...

6.9CVSS6.1AI score0.00354EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-57332

Name of the Vulnerable Software and Affected Versions Phalcon versions prior to 5.15.0 Description In Phalcon MVC applications using a default router, the CLI router, or the /:params placeholder, a built-in route is registered with a compiled PCRE Perl Compatible Regular Expressions pattern...

8.7CVSS6.1AI score0.00419EPSS
Exploits0References8
Slackware Linux
Slackware Linux
added 6 days ago4 views

[slackware-security] xorg-server

New xorg-server packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/xorg-server-1.20.14-i586-21slack15.0.txz: Rebuilt. This update fixes security issues: glamor Font Atlas Heap Buffer Overflow. GLX...

9CVSS5.9AI score0.00212EPSS
Exploits0
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-42402

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper...

7.3CVSS6.2AI score0.00243EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 6 days ago4 views

Security update for radare2 (important)

openSUSE Security Update: Security update for radare2 Announcement ID: openSUSE-SU-2026:0231-1 Rating: important References: 1244121 1262142 1265403 Cross-References: CVE-2025-1378 CVE-2025-1744 CVE-2025-1864 CVE-2025-5641 CVE-2026-40499 CVE-2026-8695 CVSS scores: CVE-2025-1378 SUSE: 4.8...

10CVSS6.5AI score0.01184EPSS
Exploits4References3
Patchstack
Patchstack
added last week7 views

WordPress FormyChat plugin <= 2.15.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by dodoh4t in WordPress Plugin FormyChat versions = 2.15.3...

7.1CVSS5.9AI score0.00251EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added last week6 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.15 Images

Red Hat OpenShift Virtualization release v4.15 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

8.7CVSS6AI score0.00656EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added last week12 views

Important: Red Hat Security Advisory: OpenShift Virtualization v4.15 Images

Red Hat OpenShift Virtualization release v4.15 is now available with updates to packages and images that fix several bugs and add enhancements. OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift...

9.1CVSS7.2AI score0.00586EPSS
Exploits2References3
NVD
NVD
added 2026/07/06 11:16 p.m.8 views

CVE-2026-53646

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a ClientPasswordReset record already exists for a client from a previous unexpired reset request, subsequent calls to the resetpassword guest API endpoint reuse the existing token instea...

7.7CVSS0.00215EPSS
Exploits1References1
Rows per page
Query Builder