Lucene search
K

27 matches found

CVE
CVE
added 2026/06/17 7:42 p.m.36 views

CVE-2026-48814

Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions

9.1CVSS5.3AI score0.00297EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 8:18 p.m.6 views

EUVD-2026-36839

Unauthenticated Cross Site Scripting XSS in AutomatorWP = 5.7.2 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/03 1:22 p.m.7 views

WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin AutomatorWP versions = 5.7.2...

7.1CVSS5.5AI score0.00175EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/03 9:21 p.m.7 views

CVE-2026-25223

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...

7.5CVSS5.5AI score0.0077EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 9:21 p.m.5 views

CVE-2026-25223 Fastify's Content-Type header tab character allows body validation bypass

Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content ...

7.5CVSS5.6AI score0.0077EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/02 10:23 p.m.10 views

Fastify's Content-Type header tab character allows body validation bypass

Impact A validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character \t followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the serve...

7.5CVSS5.6AI score0.0077EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.11 views

PT-2026-6444

Impact A validation bypass vulnerability exists in Fastify where request body validation schemas specified by Content-Type can be completely circumvented. By appending a tab character t followed by arbitrary content to the Content-Type header, attackers can bypass body validation while the server...

7.5CVSS5.7AI score0.0077EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.5 views

CVE-2026-24381

Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through 5.7.2...

5.4CVSS5.4AI score0.00141EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.6 views

CVE-2026-24381

Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through 5.7.2...

5.4CVSS0.00141EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.19 views

CVE-2026-24381 WordPress PhotoMe theme < 5.7.2 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in ThemeGoods PhotoMe photome allows Server Side Request Forgery.This issue affects PhotoMe: from n/a through 5.7.2...

5.4CVSS0.00141EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:52 p.m.9 views

CVE-2026-24381

CVE-2026-24381 is a SSRF in PhotoMe photome (WordPress theme/plugin) affecting PhotoMe versions before 5.7.2. Public disclosures in multiple feeds confirm an unauthenticated SSRF; Red Hat, CIRCL, NVD, and Wordfence reference this entry. The issue targets the PhotoMe photome component; remediation...

5.4CVSS5.4AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/15 12:0 a.m.5 views

MilleGPG5 security vulnerabilities

MilleGPG5 is an application developed by MilleGPG company. Version 5.7.2 of MilleGPG5 contains a security vulnerability. This vulnerability stems from allowing authenticated users to modify the service executable files located in the MariaDB bin directory, potentially leading to local privilege...

8.5CVSS5.8AI score0.00095EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/18 1:52 a.m.12 views

CVE-2025-11369

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the getinstagramaccesstokencallback, googlemapapikeysavecallback and getsiteinfo functions in all...

4.3CVSS4.9AI score0.00302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/17 1:48 a.m.5 views

CVE-2025-11369 Essential Blocks <= 5.7.2 - Missing Authorization To Authenticated (Author+) Information Disclosure

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access of data due to a missing or incorrect capability checks on the getinstagramaccesstokencallback, googlemapapikeysavecallback and getsiteinfo functions in all...

4.3CVSS4.6AI score0.00302EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/10/30 9:51 p.m.6 views

CVE-2020-36864 Nagios XI < 5.7.2 XSS via Dashboard Background Color Setting

Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting XSS via the background color settings in Dashboards. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS0.00407EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:51 p.m.3 views

CVE-2020-36864 Nagios XI < 5.7.2 XSS via Dashboard Background Color Setting

Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting XSS via the background color settings in Dashboards. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.8AI score0.00407EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44547

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.2 Description Nagios XI versions prior to 5.7.2 are susceptible to cross-site scripting XSS through the background color settings within Dashboards. This is due to inadequate validation or escaping of...

5.4CVSS6AI score0.00407EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.7.2 that stems from the upload handler not...

8.8CVSS8AI score0.01257EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44549

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.2 Description Nagios XI versions prior to 5.7.2 are susceptible to cross-site scripting XSS through the Manage Users page within the Admin interface. This is due to inadequate validation or escaping of...

5.4CVSS6AI score0.00383EPSS
Exploits0References4
OSV
OSV
added 2024/03/29 4:15 p.m.3 views

CVE-2024-30513

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.2...

6.5CVSS5.8AI score0.00455EPSS
Exploits0References1
Rows per page
Query Builder