Lucene search
K

14647 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2025-210417

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2025-210414

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch.dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago39 views

CVE-2025-71353 picklescan - Remote Code Execution via torch._dynamo.guards.GuardBuilder.get

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch.dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded...

8.1CVSS0.003EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago12 views

PT-2026-55670

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.28 Description The software fails to detect malicious pickle files that exploit the torch. dynamo.guards.GuardBuilder.get function within reduce methods. This allows attackers to craft pickle files containing...

8.1CVSS6.1AI score0.003EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56 This is due to insufficient output escaping in the getCommentAuthor function, which interpolates the stored commentauthorurl...

7.2CVSS6.1AI score0.00305EPSS
Exploits0References12
NVD
NVD
added last week6 views

CVE-2026-59100

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS0.0018EPSS
Exploits0References4
Cvelist
Cvelist
added last week34 views

CVE-2026-59100 LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS0.0018EPSS
Exploits0References4
NVD
NVD
added last week4 views

CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS0.00386EPSS
Exploits0References3
Cvelist
Cvelist
added last week33 views

CVE-2026-11946 GetEndpoints Memory Exhaustion in open62541

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS0.00386EPSS
Exploits0References3
NVD
NVD
added last week7 views

CVE-2026-13459

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00333EPSS
Exploits0References12
NVD
NVD
added last week8 views

CVE-2026-12122

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.11 via the getsinglesymbol. This makes it possible for unauthenticated attackers to extract the full builder metadata and...

5.3CVSS0.00285EPSS
Exploits0References8
CVE
CVE
added last week12 views

CVE-2026-12122

The CVE-2026-12122 entry documents a vulnerability in the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin (versions up to and including 6.0.11). The issue is a Sensitive Information Exposure via get_single_symbol that allows unauthenticated attackers to extract full b...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References8
Cvelist
Cvelist
added last week35 views

CVE-2026-12122 Kirki <= 6.0.11 - Missing Authorization to Unauthenticated Sensitive Information Exposure via kirki_post_apis_nopriv AJAX Action

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.11 via the getsinglesymbol. This makes it possible for unauthenticated attackers to extract the full builder metadata and...

5.3CVSS0.00285EPSS
Exploits0References8
EUVD
EUVD
added last week7 views

EUVD-2026-41264

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.11 via the getsinglesymbol. This makes it possible for unauthenticated attackers to extract the full builder metadata and...

5.3CVSS5.8AI score0.00285EPSS
Exploits0References8
EUVD
EUVD
added last week6 views

EUVD-2026-41263

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS5.8AI score0.00333EPSS
Exploits0References12
Cvelist
Cvelist
added last week34 views

CVE-2026-13459 JetFormBuilder <= 3.6.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via 'context' Parameter

The JetFormBuilder — Dynamic Blocks Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS0.00333EPSS
Exploits0References12
CVE
CVE
added last week15 views

CVE-2026-13459

JetFormBuilder for WordPress (Dynamic Blocks Form Builder) is affected up to version 3.6.3 due to an authorization bypass in the get_from_db generator. Unauthenticated attackers can retrieve distinct values stored in wp_postmeta (including Woocommerce PII like _billing_email, _billing_phone, and ...

5.3CVSS5.8AI score0.00333EPSS
Exploits0References12
OSV
OSV
added 2026/07/02 12:0 a.m.3 views

UBUNTU-CVE-2026-55153

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 10:16 p.m.4 views

CVE-2026-36912

A NULL pointer dereference in the AP4AtomSampleTable::GetSample function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

7.5CVSS0.00343EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:22 p.m.5 views

CVE-2026-58457

Shenzhen Aitemi M300 Wi-Fi Repeater hardware model MT02 contains an unauthenticated OS command injection vulnerability that allows network-adjacent attackers to execute arbitrary shell commands by injecting unsanitized input through the smacfilterconf handler in the commuos web backend. Attackers...

9.8CVSS6.1AI score0.01671EPSS
Exploits0References4
Rows per page
Query Builder