Lucene search
+L

369 matches found

cve
cve
added 4 days ago12 views

CVE-2026-55771

CVE-2026-55771 affects CedarJava prior to 4.9.0, where EntityIdentifier.equals() has inverted null/self-reference checks, causing incorrect equality results in custom integrations. The bug does not alter Cedar’s authorization decisions (computed in Rust from JSON) but could affect external code p...

8.8CVSS6AI score0.00345EPSS
Exploits0References1
ptsecurity
ptsecurity
added 4 days ago6 views

PT-2026-57856

Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 4.9.0 Description The EntityIdentifier.equals function contains inverted logic for null and self-reference checks. This causes the method to return true for null comparisons and false for self-comparisons, leading t...

8.8CVSS6.1AI score0.00345EPSS
Exploits0References4
osv
osv
added 2026/07/09 6:34 p.m.3 views

CVE-2026-54002 Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()`

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize, Sane::sanitize, Sane::Html::sanitize, Sane::Svg::sanitize, Sane::Xml::sanitize, Sane::sanitizeFile, or file sanitizeContents with untruste...

8.5CVSS5.8AI score0.00409EPSS
Exploits0References9
euvd
euvd
added 2026/07/01 7:53 a.m.11 views

EUVD-2026-40937

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...

4.3CVSS5.9AI score0.00257EPSS
Exploits0References8
circl
circl
added 2026/06/24 4:7 p.m.7 views

CVE-2021-25149

creationtimestamp| type| source ---|---|--- 2026-06-24 16:07:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mp2ccmccga2q...

9.8CVSS5.8AI score0.01634EPSS
Exploits0References1
astralinux
astralinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in openexr

OpenEXR provides the specification and reference implementation of the EXR file format, a image storage format for the motion picture industry. From version 3.2.0 up to versions 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder used signed 32-bit arithmetic to construct temporary per-component block...

8.8CVSS5.7AI score0.00419EPSS
Exploits1References2
nessus
nessus
added 2026/06/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-9539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host...

6.5CVSS6.2AI score0.00106EPSS
Exploits0References3
euvd
euvd
added 2026/06/17 6:35 p.m.12 views

EUVD-2026-37603

Unauthenticated Cross Site Scripting XSS in collectchat = 2.4.9 versions...

7.1CVSS5.1AI score0.0023EPSS
Exploits0References2
cve
cve
added 2026/06/17 9:51 a.m.16 views

CVE-2026-40765

The CVE-2026-40765 entry details an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress collectchat plugin versions

7.1CVSS5.1AI score0.0023EPSS
Exploits0References1
osv
osv
added 2026/06/16 11:47 a.m.6 views

BIT-MARIADB-MIN-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.1CVSS5.6AI score0.00316EPSS
Exploits0References12
euvd
euvd
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36916

Editor Privilege Escalation in AI Engine = 3.4.9 versions...

7.2CVSS5.2AI score0.00393EPSS
Exploits0References2
nvd
nvd
added 2026/06/15 9:16 p.m.10 views

CVE-2026-39463

Unauthenticated Cross Site Scripting XSS in ManageWP Worker = 4.9.31 versions...

7.1CVSS0.0023EPSS
Exploits0References1
nvd
nvd
added 2026/06/15 9:16 p.m.12 views

CVE-2026-27407

Editor Privilege Escalation in AI Engine = 3.4.9 versions...

7.2CVSS0.00393EPSS
Exploits0References1
euvd
euvd
added 2026/06/15 8:19 p.m.12 views

EUVD-2026-36869

Unauthenticated Sensitive Data Exposure in WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels = 4.9.4 versions...

7.5CVSS5.2AI score0.00294EPSS
Exploits0References1
patchstack
patchstack
added 2026/06/11 12:59 p.m.9 views

WordPress WP Maps plugin < 4.9.3 - Subscriber+ Local File Inclusion vulnerability

Subscriber+ Local File Inclusion vulnerability discovered by Mustafa Ahmed in WordPress Plugin WP Maps versions 4.9.3...

7.5CVSS5.4AI score0.00383EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/06/08 10:15 a.m.6 views

CVE-2026-11505

A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack may be launched remotely. The attack requires ...

5CVSS5.2AI score0.00197EPSS
Exploits0References7Affected Software8
ptsecurity
ptsecurity
added 2026/05/29 12:0 a.m.15 views

PT-2026-44997

Name of the Vulnerable Software and Affected Versions Exim versions 4.88 through 4.99.3 Description In certain proxy configurations, the PROXY-protocol parser mishandles short payloads, resulting in a pre-authentication information disclosure. This issue allows the leakage of uninitialized stack...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References31
euvd
euvd
added 2026/05/27 9:49 a.m.11 views

EUVD-2026-32177

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

9.8CVSS5.8AI score0.00321EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/26 7:43 p.m.8 views

CVE-2026-44836 view_component: Preview Route Can Dispatch Inherited Helper Methods

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...

6.5CVSS5.9AI score0.00343EPSS
Exploits0References1
cve
cve
added 2026/05/23 1:45 p.m.44 views

CVE-2026-9304

CVE-2026-9304 describes a server-side request forgery in calcom cal.diy ≤ 4.9.4 . The flaw is in the function validateUrlForSSRF in the file apps/web/app/api/logo/route.ts of the Logo API component. Exploitation can be remote; exploitability is described as difficult. A public exploit exists. The...

5CVSS5.3AI score0.00199EPSS
Exploits0References4
Rows per page
Query Builder