Lucene search
+L

613 matches found

CVE
CVE
added yesterday33 views

CVE-2026-49284

The CVE affects SimpleSAMLphp SP: the ACS path permits a response from an unexpected IdP when an unsigned Response/InResponseTo combines with a signed assertion lacking SubjectConfirmationData/InResponseTo. A response from IdP B can be bound to SP state created for IdP A, allowing bypass of IdP-s...

7.1CVSS5.3AI score
Exploits0References3
Microsoft Security Update
Microsoft Security Update
added 4 days ago5 views

2026-07 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 (KB5102205)

2026-07 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 KB5102205...

6.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

openSUSE 16 Security Update : tiff (openSUSE-SU-2026:21289-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21289-1 advisory. This update for tiff fixes the following issues - CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-compressed TIFF...

7.8CVSS6.9AI score0.00553EPSS
Exploits0References8
NVD
NVD
added 5 days ago3 views

CVE-2026-57415

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Codemenschen Gift Vouchers gift-voucher allows Stored XSS.This issue affects Gift Vouchers: from n/a through = 4.7.0...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 5 days ago14 views

CVE-2026-57810

CVE-2026-57810 describes a SQL injection in the WordPress plugin APIExperts Square for WooCommerce (woosquare), affecting versions up to and including 4.7.4. The vulnerability is characterized as blind SQL injection due to improper neutralization of special elements in SQL queries. The provided d...

8.5CVSS6.1AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-57415 WordPress Gift Vouchers plugin <= 4.7.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Codemenschen Gift Vouchers gift-voucher allows Stored XSS.This issue affects Gift Vouchers: from n/a through = 4.7.0...

7.1CVSS0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/09 2:7 p.m.5 views

WordPress APIExperts Square for WooCommerce plugin <= 4.7.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Averon Averenkov in WordPress Plugin APIExperts Square for WooCommerce versions = 4.7.4...

8.5CVSS6.1AI score0.00211EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/08 5:17 p.m.13 views

CVE-2026-59731

Astro is a web framework for content-driven websites. Version 6.4.7 performs authorization decisions on a partially decoded pathname after reaching the iterative URL decoder limit, while later rewrite route matching performs an additional decodeURI operation and can resolve the request to a...

8.2CVSS0.00267EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56131

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Terminal websocket bootstrap routes only verify authentication but fail to enforce terminal authorization. This allows a low-privileged team member to connect to these routes and execute...

9.9CVSS6AI score0.00405EPSS
Exploits0References7
NVD
NVD
added 2026/07/06 10:16 p.m.9 views

CVE-2026-42148

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build command using the devhelperversion field without shell escaping, allowing an attack...

3.8CVSS0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 6:27 a.m.6 views

OESA-2026-2836 libtiff security update

This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/06 6:27 a.m.5 views

OESA-2026-2834 libtiff security update

This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...

5.9AI score
Exploits0References2
Circl
Circl
added 2026/07/05 7:7 p.m.10 views

CVE-2021-4447

creationtimestamp| type| source ---|---|--- 2026-07-05 19:07:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mpwbilun7q2i...

8.8CVSS5.9AI score0.00444EPSS
Exploits0References1
OSV
OSV
added 2026/07/03 1:32 p.m.6 views

MINI-GWHV-5247-XMGH

Bulletin has no description...

5.9AI score
Exploits0
NVD
NVD
added 2026/07/02 12:17 p.m.8 views

CVE-2026-57690

Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...

4.3CVSS0.00104EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-57689

Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...

4.3CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.15 views

CVE-2026-57689

The CVE-2026-57689 entry concerns the WordPress Werkstatt theme (versions up to 4.7.2) with a Broken Access Control flaw. Affected component: Werkstatt WordPress theme; root cause: broken access control mechanisms in version &lt;= 4.7.2. Impact: unauthorized access to restricted functionality, as...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55031

Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...

4.3CVSS5.8AI score0.00104EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55030

Subscriber Broken Access Control in Werkstatt = 4.7.2 versions...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 8:18 p.m.31 views

CVE-2026-34597

CVE-2026-34597 affects Coolify prior to 4.0.0-beta.470. The vulnerability lies in how user-supplied build parameters for the Nixpacks build pack are handled: the install_command provided by a user is directly concatenated into a shell command string executed on the deployment host during the buil...

8.8CVSS6.2AI score0.00526EPSS
Exploits0References1
Rows per page
Query Builder