Lucene search
+L

39627 matches found

CVE
CVE
added 3 hours ago21 views

CVE-2026-50185

CVE-2026-50185 affects RustCrypto CMOV (cmov crate) aarch64 backends where Cmov and CmovEq incorrectly assume high bits are zero-extended when loading small values, causing left.cmovz and cmoveq operations to produce incorrect results under certain casts or inline-asm paths. Affected range is 0.1...

2CVSS5.4AI score
Exploits0References3
Cvelist
Cvelist
added 3 hours ago6 views

CVE-2026-50185 RustCrypto Cmov/CmovEq on aarch64 can produce wrong results if high-bits of registers are set

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. From 0.1.1 until 0.5.4, the aarch64 implementations of Cmov and CmovEq in cmov/src/backends/aarch64.rs assume high bits ar...

2CVSS
Exploits0References3
EUVD
EUVD
added 4 hours ago9 views

EUVD-2026-41921

vLLM has Remote DoS via Invalid Recovered Token Reinjection...

7.5CVSS5.2AI score0.00343EPSS
Exploits1References4
Nuclei
Nuclei
added 16 hours ago61 views

MagnusBilling Login Logs - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...

8.2CVSS4.8AI score0.01089EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago48 views

WordPress Plugin MainWP Child - Authentication Bypass

The plugin is vulnerable to an authentication bypass that allows an unauthenticated user to login as an administrator without providing a password. This vulnerability is only exploitable when the plugin has not been connected to a MainWP Dashboard and the "Require unique security ID" option is no...

8.1CVSS8.4AI score0.02369EPSS
Exploits0References5
Nuclei
Nuclei
added 16 hours ago8 views

Piwigo < 16.3.0 - Unauthenticated Information Disclosure via History API

Piwigo = 16.3.0 contains an information disclosure vulnerability caused by the pwg.history.search API method lacking adminonly restriction, letting unauthenticated users access full browsing history, exploit requires no authentication id: CVE-2026-27833 info: name: Piwigo 16.3.0 - Unauthenticated...

7.5CVSS5.2AI score0.01522EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago36 views

Avid NEXIS Agent - Arbitrary File Read

Avid NEXIS E-series, F-series, PRO+, and System Director Appliance SDA+ before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, letting unauthenticated attackers read sensitive files, exploit requires no authentication. id:...

8.7CVSS8.6AI score0.01083EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago85 views

Breeze <= 2.4.4 - Arbitrary File Upload

Breeze Cache WordPress plugin = 2.4.4 contains an unrestricted file upload vulnerability caused by missing file type validation in 'fetchgravatarfromremote' function, letting unauthenticated attackers upload arbitrary files, exploit requires 'Host Files Locally - Gravatars' enabled. id:...

9.8CVSS5.7AI score0.36512EPSS
Exploits8References2
Nuclei
Nuclei
added 16 hours ago25 views

WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

8.5CVSS6AI score0.01668EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago31 views

Glances - Information Disclosure

Glances 4.5.2 contains an information disclosure vulnerability caused by the web server running without authentication by default, letting remote attackers access sensitive system information including credentials, exploit requires no special privileges. id: CVE-2026-32596 info: name: Glances -...

8.7CVSS7.8AI score0.0155EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago7 views

EventON Lite <= 2.4 - Authenticated Local File Inclusion

Ashan Perera EventON contains a PHP remote file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires attacker to control include filename. id: CVE-2025-32614 info: name: EventON Lite = 2.4 - Authenticated Local Fil...

8.8CVSS8.5AI score0.0187EPSS
Exploits0References1
Nuclei
Nuclei
added 16 hours ago14 views

Bulk Me Now! Plugin <= 2.0 - Cross-Site Scripting

Bulk Me Now! WordPress plugin = 2.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS8AI score0.00528EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago11 views

WordPress Front End Users - Reflected XSS

WordPress Front End Users plugin = 3.2.32 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS8AI score0.00511EPSS
Exploits1References1
Nuclei
Nuclei
added 16 hours ago59 views

Post Sync Plugin <= 1.1 - Cross-Site Scripting

Post Sync WordPress plugin = 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a maliciou...

6.1CVSS8AI score0.00605EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago12 views

WP BASE Booking - Reflected XSS

WP BASE Booking of Appointments, Services and Events WordPress plugin 5.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute malicious scripts in high privilege users' browsers, exploit requires victim to...

6.1CVSS8.1AI score0.00573EPSS
Exploits1References1
Nuclei
Nuclei
added 16 hours ago12 views

WordPress TS Poll < 2.4.0 - SQL Injection

WordPress TS Poll plugin 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges. id: CVE-2024-8625 info: name: WordPress TS Poll 2.4.0 - SQL...

7.2CVSS5.6AI score0.02277EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago53 views

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...

7.5CVSS5.2AI score0.01379EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago36 views

WP Triggers Lite - Cross-Site Scripting

WP Triggers Lite WordPress plugin v2.5.3 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

7.1CVSS8AI score0.0055EPSS
Exploits1References2
Nuclei
Nuclei
added 16 hours ago13 views

Lokomedia CMS - Local File Inclusion

A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...

5CVSS5.3AI score0.03258EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago37 views

Hongjing e-HR 2020 - SQL Injection

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...

9.8CVSS7AI score0.03766EPSS
Exploits1References2
Rows per page
Query Builder