Lucene search
K

190 matches found

CVE
CVE
added yesterday7 views

CVE-2026-57811

CVE-2026-57811 concerns WordPress Realtyna Organic IDX plugin (real-estate-listing-realtyna-wpl) with versions up to and including 5.2.0. The issue is labeled as an improper generation of code (Code Injection) vulnerability that enables Remote Code Inclusion. It affects the plugin’s handling of c...

10CVSS6.2AI score0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/04 1:15 p.m.28 views

CVE-2026-14629 RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS0.00309EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/30 1:25 p.m.4 views

WordPress Kids Life | Children School WordPress theme <= 5.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Kids Life | Children School WordPress versions = 5.6...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/26 7:54 a.m.37 views

CVE-2026-1869

CVE-2026-1869 concerns the WordPress plugin “User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder.” The vulnerability is caused by missing validation checks in the confirm_payment() function across all...

6.5CVSS5.8AI score0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 5:29 p.m.16 views

CVE-2026-57700

Summary of CVE-2026-57700 (WordPress OMGF Pro plugin

10CVSS5.8AI score0.00373EPSS
In wildExploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.15 views

PT-2026-50503

Name of the Vulnerable Software and Affected Versions Connext Professional versions 7.4.0 through 7.6.x Connext Professional versions 7.0.0 through 7.3.1.2 Connext Professional versions 6.1.0 through 6.1.x Connext Professional versions 6.0.0 through 6.0.x Connext Professional versions 5.3.0 throu...

9.2CVSS6.3AI score0.00189EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/16 12:37 p.m.9 views

Important: Red Hat Security Advisory: Red Hat Update Infrastructure 5.2 security update

The latest release of Red Hat Update Infrastructure. For more details, see the product documentation. Red Hat Update Infrastructure RHUI container images are based on the latest RHUI RPM packages and the ubi9 or ubi9-init base images. This release updates to the latest version...

9.8CVSS6.4AI score0.02719EPSS
Exploits6References37
NVD
NVD
added 2026/06/15 9:17 p.m.11 views

CVE-2026-48868

Unauthenticated Insecure Direct Object References IDOR in Simple Shopping Cart = 5.2.9 versions...

7.5CVSS0.00278EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/18 1:31 p.m.14 views

NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins

NPM: webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins vulnerability discovered by ? in WordPress Npm webpack-dev-server versions = 5.2.3...

6.5CVSS5.9AI score0.00216EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/16 12:30 p.m.12 views

EUVD-2025-209886

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/16 12:30 p.m.9 views

CVE-2025-4202 Multicollab: Content Team Collaboration and Editorial Workflow <= 5.2 - Missing Authorization to Authenticated (Subscriber+) Collaboration Comment

The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cfaddcomment' function in all versions up to, and including, 5.2. This makes it possible for authenticated attackers...

4.3CVSS5.9AI score0.00237EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/12 9:19 a.m.10 views

Exposed Dangerous Method or Function

Overview webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function in Server.js, when handling non-HTTPS responses. An attacker can...

6.5CVSS5.8AI score0.00427EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Fortinet FortiTokenAndroid 安全漏洞

Fortinet FortiTokenAndroid is a mobile security authentication application developed by Fortinet, Inc. It provides two-factor authentication and dynamic password generation features. There are security vulnerabilities in all versions of Fortinet FortiTokenAndroid, including 6.2, 6.1, and 5.2. The...

5.5CVSS5.8AI score0.00097EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017471 advisory. The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function. Tenable has extracted the preceding...

7.5CVSS6.8AI score0.03154EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.8 views

Django Uses Persistent Cookies Containing Sensitive Information

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSIONSAVEEVERYREQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/05/05 4:16 p.m.14 views

PYSEC-2026-55

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served.Earlier, unsupported Django series such as 5.0.x, 4.1.x...

5.3CVSS5.8AI score0.00358EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:50 p.m.4 views

CVE-2026-6907

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/05/05 2:49 p.m.10 views

CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/05 2:49 p.m.11 views

CVE-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.5 views

PT-2026-36193

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.2.1 IBM watsonx.data intelligence versions 5.3.0 through 5.3.1 Description User credentials are stored in plain text, allowing a local user to read them. Recommendations At the moment, the...

6.2CVSS5.8AI score0.00093EPSS
Exploits0References5
Rows per page
Query Builder