Lucene search
+L

763 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-57803

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur Core struktur-core allows PHP Local File Inclusion.This issue affects Struktur Core: from n/a through = 2.5.1...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 5 days ago3 views

CVE-2026-57695

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through = 5.1.0...

7.1CVSS0.00184EPSS
Exploits0References1
CVE
CVE
added 5 days ago16 views

CVE-2026-57797

CVE-2026-57797 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress EduMall theme (ThemeMove EduMall) up to version 4.5.1. The NVD/CVE records and Patchstack entry indicate that access control levels were incorrectly configured, allowing unauthorized access to ...

4.3CVSS6.1AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-57802 WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS0.00496EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 6:16 p.m.11 views

CVE-2026-61343

LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0...

8.6CVSS0.0084EPSS
Exploits1References5
CVE
CVE
added 2026/07/09 7:55 a.m.24 views

CVE-2026-14245

The CVE-2026-14245 entry concerns the miniOrange OTP Login, Verification and SMS Notifications plugin for WordPress (versions up to and including 5.5.1). The root cause is that um_reset_password_process_hook() performs no server-side verification of OTP completion and relies on a public form_nonc...

9.8CVSS6AI score0.00586EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/09 4:32 a.m.10 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/07/07 2:31 p.m.6 views

WordPress Extensions for Leaflet Map plugin <= 5.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by manop55555 in WordPress Plugin Extensions for Leaflet Map versions = 5.1...

7.1CVSS5.9AI score0.0018EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:5 p.m.12 views

CVE-2026-13383

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS ikestubd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to a...

8.6CVSS6.1AI score0.00546EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/07/02 3:24 p.m.7 views

WordPress Struktur Core plugin <= 2.5.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Struktur Core versions = 2.5.1...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/02 1:32 p.m.5 views

WordPress Aqua theme <= 5.1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Aqua versions = 5.1.2...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
Circl
Circl
added 2026/07/02 12:35 a.m.9 views

CVE-2026-5138

creationtimestamp| type| source ---|---|--- 2026-07-02 00:35:08+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmrxhtt7u2q 2026-07-02 02:11:31+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmxdt3ckv2y 2026-07-02 08:15:52+00:00| seen|...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References3
Fedora
Fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: util-linux-2.41.5-1.fc43

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program...

5.8AI score
Exploits0
Circl
Circl
added 2026/06/24 4:7 p.m.7 views

CVE-2021-25149

creationtimestamp| type| source ---|---|--- 2026-06-24 16:07:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp2ccmccga2q...

9.8CVSS5.8AI score0.01634EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 3:16 p.m.12 views

CVE-2026-11878

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS0.0013EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 3:16 p.m.12 views

CVE-2026-11877

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

7.5CVSS0.00178EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:1 p.m.5 views

CVE-2026-11878

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/24 2:1 p.m.10 views

EUVD-2026-38791

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OpenText Access Manager allows Cross-Site Scripting XSS. This issue affects Access Manager: from 5.1 through 5.1.2...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.18 views

PT-2026-51820

Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions 5.1 through 5.1.2 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendations...

8.2CVSS5.8AI score0.0013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-51819

Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions prior to 5.1.3 Description An unauthorized user can modify configuration through API calls, which impacts the OpenText Access Manager. Recommendations Update OpenText Access Manager to version 5.1.3 or later...

6.3CVSS5.8AI score0.00178EPSS
Exploits0References5
Rows per page
Query Builder