Lucene search
K

79 matches found

Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56131

Name of the Vulnerable Software and Affected Versions Coolify versions prior to 4.0.0-beta.471 Description Terminal websocket bootstrap routes only verify authentication but fail to enforce terminal authorization. This allows a low-privileged team member to connect to these routes and execute...

9.9CVSS6AI score0.00405EPSS
Exploits0References7
OSV
OSV
added 6 days ago5 views

OESA-2026-2836 libtiff security update

This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...

5.9AI score
Exploits0References2
OSV
OSV
added 6 days ago5 views

OESA-2026-2834 libtiff security update

This provides support for the Tag Image File Format TIFF, a widely used format for storing image data. The latest version of the TIFF specification is available on-line in several different formats.And contains command-line programs for manipulating TIFF format image files using the libtiff...

5.9AI score
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36917

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS5.1AI score0.00251EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.9 views

CVE-2026-34886

Unauthenticated Broken Access Control in Simple Membership = 4.7.1 versions...

7.5CVSS0.00251EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 1:26 a.m.10 views

CVE-2026-10737 SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score0.003EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/14 2:48 p.m.9 views

EUVD-2026-30301

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

9CVSS6AI score0.00312EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 11:16 a.m.39 views

CVE-2026-45211

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...

8.5CVSS0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-40011

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.1...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2026/05/12 12:0 a.m.20 views

May 12, 2026-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB5088860)

May 12, 2026-Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 KB5088860 Applies to: Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2...

7.3CVSS5.9AI score0.00662EPSS
Exploits0
OSV
OSV
added 2026/05/07 6:17 p.m.10 views

JLSEC-2026-484

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c...

5.5CVSS5.7AI score0.00113EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/04 9:24 a.m.9 views

CVE-2026-1706

The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

6.1CVSS6.1AI score0.00231EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/03/04 6:19 a.m.9 views

WordPress All-in-One Video Gallery plugin <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter vulnerability

Reflected Cross-Site Scripting via 'vi' Parameter vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin All-in-One Video Gallery versions = 4.7.1...

6.1CVSS5.9AI score0.00231EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/02/25 6:32 p.m.3 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free via the tiffcrop.c component. An attacker can cause a crash or potentially execute arbitrary code by triggering a double free condition. Remediation Upgrade libtiff to version 4.7.1 or higher. References - GitHub Gist - GitL...

6.8CVSS6.3AI score0.00131EPSS
Exploits1References2
NVD
NVD
added 2026/02/23 7:22 p.m.4 views

CVE-2025-61145

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c...

5.5CVSS0.00131EPSS
Exploits1References3
OSV
OSV
added 2026/02/23 7:22 p.m.6 views

AZL-78308 CVE-2025-61143 affecting package libtiff for versions less than 4.6.0-12

libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tifopen.c...

5.5CVSS5.6AI score0.00113EPSS
Exploits0References1
OSV
OSV
added 2026/02/23 7:22 p.m.3 views

UBUNTU-CVE-2025-61145

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c...

5.5CVSS5.7AI score0.00131EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/02/23 7:22 p.m.6 views

CVE-2025-61145

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c...

5.5CVSS5.8AI score0.00131EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/23 7:22 p.m.7 views

CVE-2025-61144

libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function...

9.8CVSS5.9AI score0.00253EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/23 12:0 a.m.23 views

CVE-2025-61145

libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c...

0.00131EPSS
Exploits1References3
Rows per page
Query Builder