Lucene search
K

725 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/28 6:45 a.m.11 views

CVE-2026-7634

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

7.2CVSS6AI score0.00436EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.24 views

PT-2026-44203

The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up to, and including, 5.4.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

7.2CVSS6AI score0.00436EPSS
Exploits0References15
NVD
NVD
added 2026/05/27 11:16 a.m.18 views

CVE-2026-42748

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...

9.9CVSS0.00266EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:49 a.m.10 views

EUVD-2026-32177

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 7:45 p.m.10 views

JLSEC-2026-560

singlevar in lparser.c in Lua from including 5.4.0 up to excluding 5.4.4 lacks a certain luaKexp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code...

9.1CVSS7.4AI score0.02919EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.13 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References1
NVD
NVD
added 2026/05/26 8:16 a.m.12 views

CVE-2026-39655

Missing Authorization vulnerability in TeconceTheme Mayosis Core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mayosis Core: from n/a through 5.4.7...

5.3CVSS0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-43195

Name of the Vulnerable Software and Affected Versions Mayosis Core versions prior to 5.4.7 Description Missing Authorization in TeconceTheme Mayosis Core allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a version later than 5.4.7...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

WordPress plugin Mayosis Core 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.10 views

PT-2026-47119

An issue in the component luaG runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs...

5.4AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.20 views

PT-2026-47113

Lua 5.4.0 fixed in 5.4.1 has a segmentation fault in changedline in ldebug.c e.g., when called by luaG traceexec because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function...

5.5AI score
Exploits0References4
Patchstack
Patchstack
added 2026/05/21 10:39 p.m.9 views

NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret

NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret vulnerability discovered by ? in WordPress Npm network-ai versions = 5.4.4...

5.8AI score0.00023EPSS
Exploits0References2Affected Software1
SUSE Linux
SUSE Linux
added 2026/05/20 7:23 a.m.9 views

Security update for openssh

This update for openssh fixes the following issues Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: SUSE Linux Enterprise Micro for Rancher 5.3...

7.5CVSS6AI score0.00419EPSS
Exploits0References8
OSV
OSV
added 2026/05/18 1:28 p.m.7 views

CLEANSTART-2026-UO66475 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 5.4.6-r0

Multiple security vulnerabilities affect the py3-jupyterhub package. These issues are resolved in later releases. See references for individual vulnerability details...

8.7CVSS5.8AI score0.00609EPSS
Exploits2References7
Patchstack
Patchstack
added 2026/05/13 10:53 a.m.12 views

WordPress Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin <= 2.5.4 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by gidget smith in WordPress Plugin Custom Twitter Feeds Tweets Widget versions = 2.5.4...

7.2CVSS5.8AI score0.00493EPSS
Exploits0References1Affected Software1
Microsoft Security Update
Microsoft Security Update
added 2026/05/12 5:0 p.m.18 views

2026-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems (KB5087544)

2026-05 Dynamic Cumulative Update for Windows 10 Version 21H2 for ARM64-based Systems KB5087544...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.17 views

CVE-2026-42051

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS5.7AI score0.00193EPSS
Exploits0References1
Circl
Circl
added 2026/05/10 2:48 p.m.30 views

CVE-2022-50954

creationtimestamp| type| source ---|---|--- 2026-05-10 14:48:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mliywj5zzg2i...

6.9CVSS5.8AI score0.00385EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/09 3:39 a.m.10 views

CVE-2026-42174 Kirby: User avatar creation, replacement and deletion are not gated by user update permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS5.7AI score0.00237EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/09 3:39 a.m.8 views

EUVD-2026-28890

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

5.3CVSS5.7AI score0.00237EPSS
Exploits0References3
Rows per page
Query Builder