Lucene search

72 matches found

CVE
added 2026/06/18 5:34 a.m.

CVE-2026-11360

The CVE-2026-11360 entry concerns the WordPress plugin Advanced Order Export For WooCommerce (WooCommerce), affected up to version 4.0.10. The vulnerability is a generic SQL Injection via the sort_direction parameter caused by insufficient escaping and inadequate SQL query preparation. Exploitati...

CVSS 4.9, AI score 5.9, EPSS 0.00369
Exploits: 0, References: 14
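Added example (not from the CVE entry or the plugin): the pattern the entry describes, a sort direction spliced into SQL, beside the allow-list that fixes it, written in Python with SQLite instead of the plugin's PHP and $wpdb. The table names, the secrets table and the payload are constructed for the demonstration. The point it makes that the entry does not: an ORDER BY direction is a keyword, so prepared-statement placeholders cannot carry it, and the injectable position is exploitable blind through row counts even though the query never returns the injected subquery's value.

```python
import sqlite3

# Constructed sample data; not the plugin's schema.
_ORDERS = [(1, "alice"), (2, "bob"), (3, "carol")]
_SECRET = "s3cr3t"


def _db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?)", _ORDERS)
    conn.execute("CREATE TABLE secrets (token TEXT)")
    conn.execute("INSERT INTO secrets VALUES (?)", (_SECRET,))
    return conn


def vulnerable_query(sort_direction: str) -> str:
    # The shape the entry describes: the request parameter is spliced into
    # the statement with no escaping and no allow-list.
    return f"SELECT id, customer FROM orders ORDER BY id {sort_direction}"


_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def hardened_query(sort_direction: str) -> str:
    # ORDER BY direction is a keyword, not a value, so a bound placeholder
    # cannot carry it. The only safe option is to map the input onto a fixed
    # set of SQL literals and refuse everything else.
    direction = _DIRECTIONS.get(sort_direction.strip().lower())
    if direction is None:
        raise ValueError(f"invalid sort_direction: {sort_direction!r}")
    return f"SELECT id, customer FROM orders ORDER BY id {direction}"


def run(build, sort_direction):
    conn = _db()
    try:
        return conn.execute(build(sort_direction)).fetchall()
    finally:
        conn.close()


def leak_first_char(alphabet="abcdefghijklmnopqrstuvwxyz0123456789"):
    # Boolean-based blind extraction through the injectable direction: the
    # number of rows returned depends on a condition about another table.
    for ch in alphabet:
        payload = (
            "ASC LIMIT (SELECT CASE WHEN substr((SELECT token FROM secrets), 1, 1) = "
            f"'{ch}' THEN 1 ELSE 3 END)"
        )
        if len(run(vulnerable_query, payload)) == 1:
            return ch
    return None
```

The allow-list is the fix because escaping cannot help here: there is no quoting context around a bare keyword, which is why "insufficient escaping" in the entry is only half the story.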
NVD
added 2026/06/17 1:20 p.m.

CVE-2026-47277

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads to arbitrary file read through app-store logo symlinks. The path guard checks only...

CVSS 6.5, EPSS 0.00399
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/20 11:59 a.m.

CVE-2026-5958

When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: (1) it resolves the symlink to its target and stores the resolved path to determine where output is written; (2) it opens the original...

CVSS 2.1, AI score 5.9, EPSS 0.00142
Exploits: 0, References: 3, Affected software: 1
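Added example (not GNU sed's code or the entry's text): the resolve-then-open shape from the entry beside an open-then-verify variant, in Python on a temporary directory. The race is made deterministic with a constructed hook that retargets the symlink between the two steps; the benign/victim file names are invented for the demonstration.

```python
import os
import tempfile


def resolve_then_open(path, between=None):
    # Vulnerable shape from the entry: two separate operations on one path.
    # Step 1 resolves the symlink and records the target (where the in-place
    # output will land); step 2 opens the path again. `between` is a
    # constructed hook standing in for an attacker acting in the window.
    target = os.path.realpath(path)
    if between:
        between()
    fd = os.open(path, os.O_RDONLY)
    try:
        return target, os.fstat(fd)
    finally:
        os.close(fd)


def open_then_verify(path, between=None):
    # Hardened shape: open first, take the identity (device, inode) of what
    # was actually opened from the descriptor, and accept a resolved target
    # only if it is that same file. A retargeted symlink is detected instead
    # of silently sending the output somewhere else.
    fd = os.open(path, os.O_RDONLY)
    try:
        opened = os.fstat(fd)
        if between:
            between()
        target = os.path.realpath(path)
        expected = os.stat(target)
        if (opened.st_dev, opened.st_ino) != (expected.st_dev, expected.st_ino):
            raise RuntimeError(f"{path} was retargeted between open and resolution")
        return target, opened
    finally:
        os.close(fd)


def demo():
    # Constructed scenario: a symlink retargeted while the edit is in flight.
    with tempfile.TemporaryDirectory() as d:
        benign = os.path.join(d, "benign.txt")
        victim = os.path.join(d, "victim.txt")
        link = os.path.join(d, "link")
        for p in (benign, victim):
            with open(p, "w") as f:
                f.write(os.path.basename(p))
        os.symlink(benign, link)

        def retarget():
            os.unlink(link)
            os.symlink(victim, link)

        # Vulnerable: the recorded destination (benign.txt) and the file
        # actually read (victim.txt) are no longer the same file.
        target, st = resolve_then_open(link, between=retarget)
        confused = target == benign and st.st_ino == os.stat(victim).st_ino

        os.unlink(link)
        os.symlink(benign, link)
        try:
            open_then_verify(link, between=retarget)
            detected = False
        except RuntimeError:
            detected = True
        return confused, detected
```

Everything derived from the descriptor (fstat) is authoritative for the file that was opened; anything derived from the path string a second time is only a claim that has to be checked against it.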
Vulnrichment
added 2026/03/20 4:47 a.m.

CVE-2026-33013 Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...

CVSS 8.2, AI score 5.8, EPSS 0.00595
Exploits: 1, References: 5
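Added example (not Micronaut's code; Python rather than Java): a form-urlencoded array binder whose work does not depend on the order or magnitude of the indices, beside a naive binder whose cost is set by the index values. The limits MAX_INDEX and MAX_ELEMENTS and the policy of dropping gaps are assumptions for the demonstration; the entry is truncated before it says how Micronaut's binder mishandled descending indices, so this shows the general hazard, not that specific code path.

```python
import re
from urllib.parse import parse_qsl

_INDEXED = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)\[(\d+)\]$")

# Assumed limits for this example; Micronaut's own settings are not on the page.
MAX_INDEX = 1024
MAX_ELEMENTS = 256


def naive_bind(body: str) -> dict:
    # Index-driven growth: the list is extended to whatever index the client
    # names, so a[999999]=x costs about a million slots for one value.
    lists = {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        m = _INDEXED.match(key)
        if not m:
            continue
        name, idx = m.group(1), int(m.group(2))
        lst = lists.setdefault(name, [])
        if idx >= len(lst):
            lst.extend([None] * (idx + 1 - len(lst)))
        lst[idx] = value
    return lists


def bind_lists(body: str, max_index: int = MAX_INDEX, max_elements: int = MAX_ELEMENTS) -> dict:
    # Collect (index, value) pairs under per-index and per-name limits, then
    # build each list once, sorted by index. Work is O(n log n) in the number
    # of pairs and never proportional to the index values, so ascending,
    # descending or shuffled indices all cost the same.
    pending = {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        m = _INDEXED.match(key)
        if not m:
            continue
        name, idx = m.group(1), int(m.group(2))
        if idx > max_index:
            raise ValueError(f"{name}[{idx}] exceeds max index {max_index}")
        slots = pending.setdefault(name, {})
        slots[idx] = value
        if len(slots) > max_elements:
            raise ValueError(f"{name} has more than {max_elements} elements")
    # Gaps are dropped rather than padded (a policy choice for this example).
    return {name: [slots[i] for i in sorted(slots)] for name, slots in pending.items()}
```

Whatever the binder's internal representation, the check to make is that an attacker-chosen index can neither size an allocation nor multiply the work done per pair.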
OSV
added 2026/03/20 4:43 a.m.

CVE-2026-33012 Micronaut Framework vulnerable to a Denial of Service in HTML error response caching

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache with no eviction policy in its DefaultHtmlErrorResponseBodyProvider. If the application throws an...

CVSS 7.5, AI score 5.8, EPSS 0.00561
Exploits: 0, References: 5
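Added example (not Micronaut's DefaultHtmlErrorResponseBodyProvider; Python rather than Java): the unbounded map the entry describes beside a fixed-capacity LRU cache with eviction. The error-body renderer and the workload of distinct error messages are constructed for the demonstration; what exactly forms the cache key in Micronaut is cut off in the entry above and is not assumed here.

```python
import html
from collections import OrderedDict
from threading import Lock


class UnboundedCache:
    # The shape the entry describes: a map with no eviction policy. Every
    # distinct key a client can cause to be cached stays for the process lifetime.
    def __init__(self):
        self._m = {}

    def get_or_build(self, key, build):
        if key not in self._m:
            self._m[key] = build(key)
        return self._m[key]

    def __len__(self):
        return len(self._m)


class LruCache:
    # Bounded replacement: fixed capacity, least-recently-used eviction, and
    # a lock because an error-body cache is hit from many request threads.
    def __init__(self, capacity: int):
        if capacity < 1:
            raise ValueError("capacity must be positive")
        self.capacity = capacity
        self._m = OrderedDict()
        self._lock = Lock()

    def get_or_build(self, key, build):
        with self._lock:
            if key in self._m:
                self._m.move_to_end(key)
                return self._m[key]
        value = build(key)  # build outside the lock; rendering is idempotent
        with self._lock:
            self._m[key] = value
            self._m.move_to_end(key)
            while len(self._m) > self.capacity:
                self._m.popitem(last=False)
        return value

    def __contains__(self, key):
        return key in self._m

    def __len__(self):
        return len(self._m)


def render_error_body(message: str) -> str:
    # Stand-in for an HTML error page provider; the message is escaped.
    return f"<html><body><h1>Error</h1><p>{html.escape(message)}</p></body></html>"


def simulate(cache, requests: int) -> int:
    # Constructed workload: each request fails with a distinct message, the
    # pattern that makes the key space, and so the map, unbounded.
    for i in range(requests):
        cache.get_or_build(f"bad request #{i}", render_error_body)
    return len(cache)
```

A cache keyed on anything a client can vary is a memory allocation the client controls unless capacity and eviction are part of its definition.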
CVE
added 2026/03/13 7:15 p.m.

CVE-2026-31798

CVE-2026-31798 affects JumpServer’s Custom SMS API Client. The root cause is improper certificate validation, enabling an attacker to intercept MFA/OTP verification codes before delivery to the user’s phone. Impact is limited to credentials/OTP confidentiality with network exposure, as per the pr...

CVSS 5, AI score 5.9, EPSS 0.00097
Exploits: 0, References: 1, Affected software: 1
CVE
added 2026/02/19 8:26 a.m.

CVE-2026-25330

CVE-2026-25330 affects the WordPress PublishPress Authors plugin (<= 4.10.1). Described as a Missing Authorization / Broken Access Control vulnerability due to incorrectly configured access control security levels. CVSSv3.1: 4.3 (Medium) with Network attack vector, Privileges Required: Low, Us...

CVSS 4.3, AI score 5.4, EPSS 0.00185
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/08 12:32 p.m.

CVE-2026-2152

A vulnerability was found in D-Link DIR-615 4.10. It affects unknown code in the file advrouting.php of the Web Configuration Interface component. Manipulating the arguments destip, submask or gw results in OS command injection. The attack may be initiated remotely. T...

CVSS 8.6, AI score 6.8, EPSS 0.04545
Exploits: 1, References: 5, Affected software: 1
RedhatCVE
added 2026/02/04 7:28 p.m.

CVE-2026-25487

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...

CVSS 6.1, AI score 5.5, EPSS 0.00261
Exploits: 1, References: 1
OSV
added 2026/02/02 10:24 p.m.

CVE-2026-25059 OpenList affected by Path Traversal in file copy and remove handlers

OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename components in req.Names are directly concatenated with validated directories using stdpath.Join. Thi...

CVSS 8.8, AI score 5.6, EPSS 0.00598
Exploits: 1, References: 5
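Added example serving both this entry and the Runtipi entry (CVE-2026-47277) above, in Python rather than Go (not OpenList's or Runtipi's code): a prefix-string path guard beside one that rejects multi-component names and compares the symlink-resolved path against the resolved root. The directory layout (a store root, a logo symlink pointing outside it, a sibling directory sharing the root's prefix) is constructed for the demonstration.

```python
import os
import tempfile


def lexical_guard(root, candidate):
    # The weak check: normalise, join, then test a string prefix. It passes a
    # symlink that points outside the root (the joined path still "looks"
    # inside) and is fooled by a sibling directory sharing the prefix.
    joined = os.path.normpath(os.path.join(root, candidate))
    return joined.startswith(root)


def safe_child(root, *names):
    # 1. Every user-supplied component must be exactly one path element.
    for n in names:
        if not n or n in (".", "..") or "/" in n or "\\" in n or os.path.isabs(n):
            raise ValueError(f"rejected path component: {n!r}")
    # 2. Resolve symlinks in the final path and require the result to be at
    #    or below the resolved root, compared by path component rather than
    #    string prefix, so /srv/data2 is not accepted for root /srv/data.
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(os.path.join(real_root, *names))
    if os.path.commonpath([real_root, real_path]) != real_root:
        raise ValueError(f"{os.path.join(*names)} escapes {root} after symlink resolution")
    return real_path


def demo():
    # Constructed layout: a store root with one app, a file outside it, a
    # symlinked "logo" pointing outside, and a sibling dir sharing the prefix.
    with tempfile.TemporaryDirectory() as d:
        root = os.path.join(d, "store")
        os.makedirs(os.path.join(root, "app"))
        os.makedirs(root + "2")
        outside = os.path.join(d, "outside.txt")
        with open(outside, "w") as f:
            f.write("not for you")
        with open(os.path.join(root, "app", "logo.png"), "w") as f:
            f.write("png")
        os.symlink(outside, os.path.join(root, "app", "logo.svg"))

        verdicts = {
            "lexical_symlink": lexical_guard(root, "app/logo.svg"),
            "lexical_sibling": lexical_guard(root, "../store2/x"),
            "lexical_dotdot": lexical_guard(root, "../outside.txt"),
            "safe_ok": safe_child(root, "app", "logo.png").endswith("/app/logo.png"),
        }
        for label, parts in {
            "safe_symlink": ("app", "logo.svg"),
            "safe_dotdot": ("..", "outside.txt"),
            "safe_separator": ("app/../../outside.txt",),
        }.items():
            try:
                safe_child(root, *parts)
                verdicts[label] = "accepted"
            except ValueError:
                verdicts[label] = "rejected"
        return verdicts
```

The two entries fail in different places: OpenList joins names that may contain separators or "..", which step 1 catches; Runtipi serves files whose path is fine but whose symlink target is not, which only the post-resolution comparison in step 2 catches. A guard needs both.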
Positive Technologies
added 2026/02/02 12:00 a.m.

PT-2026-6294

Name of the Vulnerable Software and Affected Versions: Craft Commerce versions 4.0.0-RC1 through 4.10.0; Craft Commerce versions 5.0.0 through 5.5.1. Description: Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting (XSS) issue. The issue resides in the Shipping...

CVSS 6.2, AI score 5.5, EPSS 0.00261
Exploits: 1, References: 9
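Added example for this entry and the CVE-2026-25487 entry above (Python rather than Craft's PHP/Twig; not Craft Commerce code): a stored name field rendered into an admin listing with and without context-specific escaping. The listing markup and the payload are constructed; which template Craft uses for these fields is not on the page.

```python
import html
from urllib.parse import quote

# Constructed payload of the kind a stored name field would carry.
PAYLOAD = '"><img src=x onerror=alert(document.cookie)>'


def render_row_vulnerable(name: str) -> str:
    # Admin listing that trusts the stored field in both an attribute and a
    # text node. The quote-and-bracket in the payload closes the attribute
    # and starts a new element.
    return f'<tr><td><a href="/admin/tax-rates/edit?name={name}">{name}</a></td></tr>'


def render_row_escaped(name: str) -> str:
    # Escape for each context separately: percent-encode inside the URL
    # query, HTML-escape (quotes included) inside the text node.
    return (
        f'<tr><td><a href="/admin/tax-rates/edit?name={quote(name, safe="")}">'
        f'{html.escape(name, quote=True)}</a></td></tr>'
    )


def injects_markup(rendered: str) -> bool:
    # Crude check used here to show the difference: a new tag or an
    # attribute break-out counts as injected markup.
    return "<img" in rendered or '"><' in rendered


def round_trips(name: str) -> bool:
    # Escaping must not lose information: the browser still shows the name.
    return html.unescape(html.escape(name, quote=True)) == name
```

The impact in both entries is that an administrator's browser runs the script; stored XSS in a low-privilege-editable field is a privilege escalation path, which is why output encoding belongs in the template rather than in whichever form first accepted the value.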
Vulnrichment
added 2026/01/28 1:32 a.m.

CVE-2026-1505 D-Link DIR-615 URL Filter set_temp_nodes.php os command injection

A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing in the file /settempnodes.php of the URL Filter component. The manipulation results in OS command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...

CVSS 8.6, AI score 5.6, EPSS 0.04474
Exploits: 1, References: 5
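Added example for this entry and the CVE-2026-2152 entry above (Python standing in for the firmware's CGI; not D-Link code): the parameter-into-shell-command shape beside a version that validates each field as an address and execs an argv list with no shell. The route command line is an assumption about what such a handler does with destip/submask/gw; the page does not show the firmware's actual command.

```python
import ipaddress
import subprocess


def vulnerable_route_cmd(destip: str, submask: str, gw: str) -> str:
    # The shape behind both DIR-615 entries: CGI parameters spliced into a
    # shell command line. A ';', '|', '$(...)' or backtick in any field runs
    # arbitrary commands as the web server (typically root on such devices).
    return f"route add -net {destip} netmask {submask} gw {gw}"


def build_route_argv(destip: str, submask: str, gw: str) -> list:
    # Hardened: validate each field as the type it claims to be, then hand an
    # argv list to exec with no shell, so metacharacters are never parsed.
    dest = ipaddress.ip_address(destip)      # ValueError on anything but an address
    mask = ipaddress.ip_address(submask)
    gateway = ipaddress.ip_address(gw)
    if not (dest.version == mask.version == gateway.version == 4):
        raise ValueError("IPv4 addresses expected")
    # A netmask must be contiguous ones followed by zeros; ip_network checks that.
    ipaddress.ip_network(f"{dest}/{mask}", strict=False)
    return ["route", "add", "-net", str(dest), "netmask", str(mask), "gw", str(gateway)]


def apply_route(destip: str, submask: str, gw: str) -> subprocess.CompletedProcess:
    # Real use (needs root): argv form, shell=False.
    return subprocess.run(build_route_argv(destip, submask, gw), shell=False,
                          capture_output=True, check=True)


def demo_injection() -> bytes:
    # Runs the vulnerable command line through sh, as a CGI handler would;
    # the injected "echo" runs regardless of what "route" does.
    cmd = vulnerable_route_cmd("10.0.0.0; echo INJECTED", "255.255.255.0", "10.0.0.1")
    return subprocess.run(["sh", "-c", cmd], capture_output=True).stdout
```

Type validation is the first layer and removing the shell is the second; with both, a field that is not an address never reaches a command, and one that is cannot carry a metacharacter anyway.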
ATTACKERKB
added 2026/01/22 4:51 p.m.

CVE-2025-50004

Deserialization of Untrusted Data vulnerability in artbees JupiterX Core (jupiterx-core) allows Object Injection. This issue affects JupiterX Core: from n/a through 4.10.1...

CVSS 8.5, AI score 5.3, EPSS 0.00559
Exploits: 0, References: 2
Vulnrichment
added 2026/01/22 4:51 p.m.

CVE-2025-50004 WordPress JupiterX Core plugin <= 4.10.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in artbees JupiterX Core (jupiterx-core) allows Object Injection. This issue affects JupiterX Core: from n/a through 4.10.1...

CVSS 8.8, AI score 5.9, EPSS 0.00559
Exploits: 0, References: 1
Positive Technologies
added 2025/12/14 12:00 a.m.

PT-2025-51179

A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is...

CVSS 5.3, AI score 6.6, EPSS 0.00401
Exploits: 1, References: 7
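Added example (not Mayan EDMS code; Python, standard library only): a same-origin check for a post-login redirect parameter, covering the cases that usually slip past a naive startswith("/") test. The parameter name next and the host edms.example are assumptions; the page only names the /authentication/ path.

```python
from urllib.parse import urlsplit, urljoin


def is_safe_next(next_param: str, allowed_host: str) -> bool:
    # Accept only an absolute path on this origin as a post-login redirect.
    if not next_param or len(next_param) > 2048:
        return False
    # Some browsers treat backslashes as slashes, so "/\evil.example" would
    # become "//evil.example"; normalise before parsing.
    candidate = next_param.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return False  # absolute URL (https://..., javascript:...) or //host
    if not candidate.startswith("/") or candidate.startswith("//"):
        return False  # must be a rooted path; "///host" is not
    # Belt and braces: resolve against the site origin and confirm it stayed there.
    resolved = urlsplit(urljoin(f"https://{allowed_host}/", candidate))
    return resolved.scheme == "https" and resolved.netloc == allowed_host


def redirect_target(next_param: str, allowed_host: str, default: str = "/") -> str:
    # What the login view should send in the Location header.
    return next_param if is_safe_next(next_param, allowed_host) else default
```

The fix the entry points to is an upgrade; for code you own, the rule is that a redirect parameter is a path, never a URL, and anything that parses with a scheme or a host is replaced with the default.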
Patchstack
added 2025/12/13 2:12 p.m.

WordPress Prime Slider – Addons For Elementor plugin <= 4.0.10 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery (SSRF) vulnerability discovered by NumeX in WordPress plugin Prime Slider – Addons For Elementor versions <= 4.0.10...

CVSS 9.1, AI score 7, EPSS 0.00154
Exploits: 0, Affected software: 1
Snyk
added 2025/12/10 3:47 p.m.

Out-of-bounds Read

Overview: Magick.NET-Q8-x86 is a build of Magick.NET, which lets you use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds is in the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...

CVSS 8.7, AI score 6.7, EPSS 0.00439
Exploits: 0, References: 2
Snyk
added 2025/12/10 3:47 p.m.

Out-of-bounds Read

Overview: Magick.NET-Q16-HDRI-x86 is a build of Magick.NET, which lets you use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds is in the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs. Affected versions of this package are...

CVSS 8.7, AI score 6.7, EPSS 0.00439
Exploits: 0, References: 2
NVD
added 2025/12/09 4:17 p.m.

CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor (All versions V4.10.0). The affected application does not have proper authorization checks for the filetransfer feature of the ssmctl-client command. This could allow an authenticated, low-privileged local attacker to read or write to any...

CVSS 8.4, EPSS 0.00135
Exploits: 0, References: 1
CVE
added 2025/12/09 10:44 a.m.

CVE-2025-40831

SINEC Security Monitor prior to V4.10.0 is affected by an input validation flaw in the date parameter of the report generation function. This could allow an authenticated, low-priv attacker to cause a denial-of-service condition in the report feature. Mitigation: upgrade to V4.10.0 or later (per ...

CVSS 7.1, AI score 6.3, EPSS 0.00326
Exploits: 0, References: 1, Affected software: 1