Lucene search
+L

60135 matches found

CVE
CVE
added yesterday8 views

CVE-2026-49485

Summary: CVE-2026-49485 affects HAPI FHIR’s FHIRPathEngine (matches(), matchesFull(), replaceMatches()) where user-controlled regex patterns are compiled via Java’s regex engine, enabling ReDoS and CPU exhaustion. The issue exists in implementations prior to version 6.9.9 and 6.9.4.2. An attacker...

7.5CVSS5.5AI score
Exploits0References6
EUVD
EUVD
added yesterday44 views

EUVD-2026-34900

AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance...

8.6CVSS5.2AI score0.00305EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday8 views

CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS
Exploits0References6
CVE
CVE
added yesterday15 views

CVE-2026-52746

CVE-2026-52746 concerns the JSONata language. Affected: jsonata prior to version 2.2.0. Issue: malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications evaluating JSONata expressions. ...

7.5CVSS5.3AI score
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-52746 JSONata: Malicious inputs to "$toMillis" function can cause resource exhaustion

JSONata is a JSON query and transformation language. Prior to 2.2.0, malicious non-matching inputs to the $toMillis function can cause superlinear backtracking in the ISO-8601 validation regex, leading to denial of service in applications that evaluate user-provided JSONata expressions. This issu...

7.5CVSS5.3AI score
Exploits0References6
NVD
NVD
added yesterday6 views

CVE-2026-12691

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

7.5CVSS
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-45219

Missing authentication for critical function vulnerability in Vimesoft Inc. Enterprise Video Platform allows Authentication Bypass. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

7.5CVSS5.3AI score
Exploits0References1
CVE
CVE
added yesterday20 views

CVE-2026-15982

The CVE-2026-15982 entry describes a Privilege Escalation flaw in the Aimogen Pro WordPress plugin (<= 2.8.4). The root cause is a missing capability check in the function aiomatic_call_google_ai_function, which allows unauthenticated attackers to use the aimogen_wp_god_mode tool to clear func...

9.8CVSS6.3AI score0.00294EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday13 views

CVE-2026-15982 Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit <= 2.8.4 - Unauthenticated Privilege Escalation via 'aiomatic_call_google_ai_function'

The Aimogen Pro - All-in-One AI Content Writer, Editor, ChatBot & Automation Toolkit plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.8.4. This is due to due to a missing capability check on the 'aiomaticcallgoogleaifunction' function. This makes ...

9.8CVSS0.00294EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday15 views

LotusCMS 3.0 - Remote Code Execution

LotusCMS 3.0 is susceptible to remote code execution via the Router function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call and allow remote code execution. id: CVE-2011-0518 info: name: LotusCMS 3.0 - Remote Code Execution author: pikpikcu...

5.1CVSS6.4AI score0.15833EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday39 views

WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution

WordPress themes including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina Lite = 2.0.4, Transcend = 1.1.8, Affluent = 1.1.0, Bonkers = 1.0.4, Antreas = 1.0.2, Sparkli...

9.8CVSS8.8AI score0.65342EPSS
Exploits1References7
Nuclei
Nuclei
added yesterday66 views

DedeCMS 5.7 SP2 - Cross-Site Scripting

DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATHINFO to /member/index.php, /member/pm.php,...

6.1CVSS5.7AI score0.02625EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday206 views

mooSocial 3.1.8 - External Service Interaction

mooSocial 3.1.8 is vulnerable to external service interaction via multiple parameters in the post function. id: CVE-2023-43323 info: name: mooSocial 3.1.8 - External Service Interaction author: ritikchaddha severity: medium description: | mooSocial 3.1.8 is vulnerable to external service...

6.5CVSS6.4AI score0.0186EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday104 views

MooSocial 3.1.8 - Cross-Site Scripting

A reflected cross-site scripting XSS vulnerability exisits in the q parameter on search function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL. id: CVE-2023-45542 info: name: MooSocial 3.1.8 - Cross-Site Scripting author...

6.1CVSS5.8AI score0.01635EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60836

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function Star.text to image/NetworkRenderStrategy.render of the file astrbot/core/star/base.py of the component T2I Feature. The manipulation leads to cross site scripting. The attack is...

5.1CVSS3.4AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60768

A security flaw has been discovered in mosaxiv clawlet up to 0.2.10. Impacted is the function list/remove of the file tools/tool cron.go of the component cron Chat Tool. The manipulation results in missing authorization. The attack may be performed from remote. The exploit has been released to th...

6.5CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60744

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

5.3AI score
Exploits0References3
NVD
NVD
added 2 days ago8 views

CVE-2026-63304

AVideo through 29.0 contains an OS command injection vulnerability in plugin/API/standAlone/functions.php where the listFFmpegProcesses function interpolates unsanitized keyword parameters inside single quotes without escaping. Attackers who can craft a valid encrypted codeToExec payload can brea...

9.2CVSS0.01355EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-44898

The Loco Translate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.5. This is due to missing or incorrect nonce validation on the execTemplate function. This makes it possible for unauthenticated attackers to execute arbitrary PHP code on...

8.8CVSS6.3AI score0.00211EPSS
Exploits0References10
EUVD
EUVD
added 2 days ago9 views

EUVD-2026-44851

A heap overflow in the evalcommand function shell/ash.c of Busybox v1.38.0 allows attackers to cause a Denial of Service DoS via supplying a crafted input...

7.5CVSS6.1AI score0.00307EPSS
Exploits0References3
Rows per page
Query Builder