Lucene search
K

13 matches found

EUVD
EUVD
added 2026/06/05 8:9 p.m.58 views

EUVD-2026-32920

TinyMCE Cross-Site Scripting XSS vulnerability using sanitization bypass through nested SVGs...

8.7CVSS5.4AI score0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 6:32 a.m.12 views

EUVD-2024-24880

Mikrotik RouterOS x86 6.40.5 through 6.49.10 fixed in 7 allows a remote attacker to cause a denial of service device crash via crafted packet data to the SMB service on TCP port 445...

7.5CVSS5.8AI score0.00591EPSS
Exploits7References3
Cvelist
Cvelist
added 2026/05/08 12:0 a.m.35 views

CVE-2024-27686

Mikrotik RouterOS x86 6.40.5 through 6.49.10 fixed in 7 allows a remote attacker to cause a denial of service device crash via crafted packet data to the SMB service on TCP port 445...

0.00591EPSS
Exploits7References2
CVE
CVE
added 2026/05/08 12:0 a.m.69 views

CVE-2024-27686

CVE-2024-27686 affects MikroTik RouterOS on x86, with versions 6.40.5 through 6.49.10 vulnerable to remote denial of service via specially crafted SMB data on TCP port 445; 6.49.10 is among the tested ranges and the fix is in version 7. The root cause involves handling of SMB requests that can cr...

7.5CVSS5.8AI score0.00591EPSS
Exploits7References2
Cvelist
Cvelist
added 2026/04/07 3:53 p.m.17 views

CVE-2026-35578

...

0.00043EPSS
Exploits0
NVD
NVD
added 2026/03/11 9:16 p.m.5 views

CVE-2026-32111

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

5.3CVSS0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/11 8:41 p.m.4 views

CVE-2026-32111 ha-mcp OAuth 2.1 DCR mode enables network reconnaissance via an error oracle

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form beta feature accepts a user-supplied haurl and makes a server-side HTTP request to haurl/api/config with no URL validation. An unauthenticated attacker can submit arbitrary URLs to perform internal network...

5.3CVSS6AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 9:37 p.m.54 views

CVE-2026-28687

ImageMagick (MSL decoder) is affected by a heap use-after-free in the MSL decoding path prior to 7.1.2-16 and 6.9.13-41. A freed memory access is triggered by crafting an MSL file, leading to potential memory corruption. The issue is fixed in 7.1.2-16 and 6.9.13-41. Remediation: upgrade to those ...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/01 7:31 a.m.7 views

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin <= 7.35 - Authenticated (Contributor+) Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability

WordPress WP Import - Ultimate CSV XML Importer for WordPress plugin = 7.35 - Authenticated Contributor+ Server-Side Request Forgery via Bitly Shortlink Bypass vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.35...

6.4CVSS6.8AI score0.00237EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/10/17 5:15 p.m.7 views

AZL-68562 CVE-2025-62168 affecting package squid for versions less than 6.13-3

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

10CVSS5.8AI score0.62871EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/09/22 10:25 p.m.6 views

WordPress Admin and Site Enhancements plugin < 7.9.8 - Authenticated Stored XSS via SVG vulnerability

Authenticated Stored XSS via SVG vulnerability discovered by NGUYEN HOANG DUY in WordPress Plugin Admin and Site Enhancements ASE versions 7.9.8...

4.7CVSS5.7AI score0.00217EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/07/15 1:4 p.m.3 views

CVE-2025-34115

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmdstr' parameter in the commandtest.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web...

8.7CVSS6.1AI score0.02321EPSS
Exploits0References5
OSV
OSV
added 2025/04/10 8:3 p.m.6 views

CVE-2025-29916 Suricata datasets: ruleset declared settings can lead to resource starvation

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Datasets declared in rules have an option to specify the hashsize to use. This size setting isn't properly limited, so the hash table allocation can be large. Untrusted rules can...

6.2CVSS6AI score0.00251EPSS
Exploits0References5
Rows per page
Query Builder