Lucene search
+L

1164 matches found

Cvelist
Cvelist
added yesterday9 views

CVE-2026-7771 IBM® Db2® is vulnerable to a trap when compiling specially crafted statements containing subqueries could lead to a denial of service

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service...

5.5CVSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago35 views

CVE-2025-32781 Apollo: Apollo Portal release endpoint allows cross-application configuration disclosure via releaseId

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.0, Apollo Portal does not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId while...

6.5CVSS0.00415EPSS
Exploits0References4
Microsoft Security Update
Microsoft Security Update
added 4 days ago10 views

2026-07 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB5099535)

2026-07 Cumulative Update for Windows 10 Version 1607 for x64-based Systems KB5099535...

6.1AI score
Exploits0
CVE
CVE
added 5 days ago11 views

CVE-2026-61970

The CVE-2026-61970 entry concerns a Server-Side Request Forgery (SSRF) in the Themeisle Auto Featured Image (Auto Post Thumbnail) WordPress plugin. Affected versions are <= 5.0.4 (reported as from n/a through

4.9CVSS6.1AI score0.00119EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 9:10 p.m.23 views

CVE-2026-55849

The CVE affects @cyclonedx/cyclonedx-npm: from 2.1.0 up to 5.0.0, the CLI passes user-supplied --workspace values to a subshell when npm_execpath is unset or empty, enabling arbitrary OS command execution with the invoking user’s privileges. Root cause is unsanitized input used in a shell command...

8.5CVSS6.2AI score0.0016EPSS
Exploits0References4
OSV
OSV
added 2026/07/08 1:30 p.m.3 views

CVE-2026-15034 flask-dashboard Flask-MonitoringDashboard cross-site request forgery

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/07/06 6:30 a.m.41 views

CVE-2026-14802 react create-react-app react-dev-utils openBrowser.js startBrowserProcess os command injection

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. Performing a manipulation results in os command injection. Remote exploitation of the attack is possible. The...

7.5CVSS0.01324EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/06 3:0 a.m.35 views

CVE-2026-14792 Formbricks Survey actions.ts access control

A security vulnerability has been detected in Formbricks 5.0.0. This impacts an unknown function of the file apps/web/modules/survey/link/actions.ts of the component Survey Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. Upgrading to...

6.9CVSS0.00366EPSS
Exploits0References8
CVE
CVE
added 2026/07/06 3:0 a.m.12 views

CVE-2026-14792

CVE-2026-14792 affects Formbricks 5.0.0, specifically the file apps/web/modules/survey/link/actions.ts within the Survey Handler component. The issue is improper access controls that enable remote exploitation. The advisory indicates upgrading to version 5.1.0-rc.1 fixes the vulnerability; patch ...

6.9CVSS6.1AI score0.00366EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/03 11:50 p.m.10 views

Malicious code in bytekit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bbaea22b635a4a8425964572b733b806f45714a9090492d1c39d545088fe336 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6.1AI score
Exploits0References4
CVE
CVE
added 2026/07/01 3:43 a.m.17 views

CVE-2026-12090

The Taskbuilder WordPress plugin (Taskbuilder – Project Management & Task Management Tool With Kanban Board) is affected by a generic SQL Injection via the wppm_proj_filter parameter in all versions up to 5.0.8. The root cause is insufficient escaping of the user-supplied parameter and an inadequ...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References9
OSV
OSV
added 2026/06/30 10:16 a.m.4 views

DEBIAN-CVE-2026-13149

brace-expansion through 5.0.6 is vulnerable to denial of service. The expand function exhibits exponential-time complexity in the number of consecutive non-expanding '' brace groups. An attacker who passes a crafted string to expand, directly or transitively, can cause significant CPU consumption...

8.7CVSS5.7AI score0.00361EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-274 Apache Airflow Hive Provider vulnerable to Command Injection

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider before 5.0.0...

9.8CVSS7.3AI score0.0322EPSS
Exploits0References6
NVD
NVD
added 2026/06/27 8:16 a.m.10 views

CVE-2026-11783

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in all versions up to, and including, 5.0.4 due to insufficient input sanitization and output escaping. This mak...

6.4CVSS0.0022EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.8 views

CVE-2026-11987

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.0.4 via the 'id' parameter due to missing validation on a user controlled key. This...

4.3CVSS5.7AI score0.00271EPSS
Exploits0References15
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-56033

Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...

9.8CVSS0.00331EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-56030

Unauthenticated Privilege Escalation in Paytium = 5.0.2 versions...

9.8CVSS0.00331EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.7 views

EUVD-2026-39698

Unauthenticated Multiple Vulnerabilities in BitFire Security = 5.0.3 versions...

8.6CVSS5.8AI score0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.7 views

EUVD-2026-39696

Unauthenticated Privilege Escalation in Dokan Pro = 5.0.4 versions...

9.8CVSS5.8AI score0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 8:51 p.m.10 views

CVE-2026-47733

Rocket.Chat CVE-2026-47733 affects the ImageElement in packages/gazzodown prior to 8.5.0, where user-controlled src values are inserted into and without protocol sanitization. An authenticated user can post markdown images with a javascript: URL that, on older browsers, could execute arbitrary ...

4.4CVSS6.1AI score0.00118EPSS
Exploits0References1
Rows per page
Query Builder