Lucene search
+L

56464 matches found

CVE
CVE
added 2 days ago8 views

CVE-2026-15103

The CVE affects the WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell WordPress plugin. All versions up to 3.12.8 are vulnerable to privilege escalation via an insecure update_settings() REST callback that does not validate the group_id path parameter against an allowlis...

8.8CVSS6.1AI score0.00319EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2 days ago8 views

CVE-2026-50144

A flaw was found in ncnn, a high-performance neural network inference framework. A remote attacker could craft a malicious model file that, when processed by a user, triggers an out-of-bounds heap write. This vulnerability in the ncnn::ParamDict::loadparam function is caused by insufficient...

7.1CVSS6.4AI score0.00108EPSS
Exploits0References2
OSV
OSV
added 2 days ago5 views

MINI-4QJ2-P73Q-CWMM

Bulletin has no description...

4.4CVSS6.1AI score0.00393EPSS
Exploits2
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-44894

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.3AI score0.00225EPSS
Exploits0References5
Circl
Circl
added 2 days ago5 views

CVE-2026-53366

creationtimestamp| type| source ---|---|--- 2026-07-16 07:43:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqqqgthqbh2s 2026-07-16 17:31:03+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116930842680877521...

7.8CVSS6.1AI score0.00191EPSS
Exploits0References2
OSV
OSV
added 2 days ago5 views

ROOT-OS-DEBIAN-13-CVE-2026-23373 CVE-2026-23373 in rootio-linux - Patched by Root

Root has patched CVE-2026-23373 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.9AI score0.00114EPSS
Exploits0
OSV
OSV
added 2 days ago8 views

ROOT-OS-DEBIAN-13-CVE-2026-46216 CVE-2026-46216 in rootio-linux - Patched by Root

Root has patched CVE-2026-46216 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.2AI score0.00127EPSS
Exploits0
OSV
OSV
added 2 days ago6 views

ROOT-OS-DEBIAN-13-CVE-2025-68776 CVE-2025-68776 in rootio-linux - Patched by Root

Root has patched CVE-2025-68776 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.4AI score0.00177EPSS
Exploits0
Chainguard
Chainguard
added 2 days ago6 views

CVE-2026-52960 vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp...

7.5CVSS5.1AI score0.00359EPSS
Exploits0
NVD
NVD
added 3 days ago7 views

CVE-2026-53447

Wekan is open source kanban built with Meteor. Prior to 9.35, the Wekan cloneBoard Meteor method in models/import.js uses caller-supplied sourceBoardId to build a board export through models/exporter.js without invoking canExport or checking source-board membership. Any authenticated user who kno...

6.5CVSS0.00231EPSS
Exploits0References3
Circl
Circl
added 3 days ago5 views

CVE-2026-55398

creationtimestamp| type| source ---|---|--- 2026-07-15 22:00:21+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mqpptm4mdb2w...

6.9CVSS6.1AI score0.00209EPSS
Exploits0References1
Circl
Circl
added 3 days ago5 views

CVE-2026-40953

creationtimestamp| type| source ---|---|--- 2026-07-15 21:00:10+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mqpmhxmhi52n...

6.7CVSS6.1AI score0.00073EPSS
Exploits0References1
Circl
Circl
added 3 days ago4 views

CVE-2026-46684

creationtimestamp| type| source ---|---|--- 2026-07-15 20:48:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqplsfbiqb2l 2026-07-16 00:24:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqpxv6enic2a 2026-07-18 04:16:04+00:00| seen|...

9.5CVSS4.8AI score0.00193EPSS
Exploits0References3
Veracode
Veracode
added 3 days ago9 views

Improper Authentication

Apollo ConfigService is vulnerable to Improper Authentication. The vulnerability is due to improper validation of non-canonical appId values during authentication, which allows an attacker to bypass AccessKey or management key protections and gain unauthorized access to protected configuration da...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References4Affected Software1
Wolfi
Wolfi
added 3 days ago7 views

CVE-2026-48038 vulnerabilities

Vulnerabilities for packages: kubeflow-katib...

5.3CVSS6.1AI score0.00301EPSS
Exploits0
NVD
NVD
added 3 days ago6 views

CVE-2026-52869

The MCP Python SDK, called mcp on PyPI, is a Python implementation of the Model Context Protocol MCP. Prior to 1.27.2, the SSE and stateful Streamable HTTP transports mcp.server.sse.SseServerTransport and mcp.server.streamablehttpmanager.StreamableHTTPSessionManager route requests to existing...

7.1CVSS0.00251EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-50144 ncnn: Out-of-bounds heap write in ParamDict::load_param via unchecked negative parameter id

ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434e1d844ea0551b880a1cfb079ce1 and earlier, ncnn allows an out-of-bounds heap write in ncnn::ParamDict::loadparam when Net::loadparam loads a malicious .param model file because th...

7.1CVSS0.00108EPSS
Exploits0References2
CVE
CVE
added 3 days ago9 views

CVE-2026-50144

ncnn (mobile-optimized neural network framework) contains an out-of-bounds heap write in ParamDict::load_param() when loading a malicious .param model, caused by a negative parameter id indexing before params[NCNN_MAX_PARAM_COUNT]. This is exploitable via Net::load_param() and is fixed by commit ...

7.1CVSS6.1AI score0.00108EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-50144 ncnn: Out-of-bounds heap write in ParamDict::load_param via unchecked negative parameter id

ncnn is a high-performance neural network inference framework optimized for the mobile platform. In commit e54f7b1f88434e1d844ea0551b880a1cfb079ce1 and earlier, ncnn allows an out-of-bounds heap write in ncnn::ParamDict::loadparam when Net::loadparam loads a malicious .param model file because th...

7.1CVSS6.1AI score0.00108EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-53518 Better Auth OAuth Provider: Race Condition in Authorization Code Exchange Enables Multi-Use Code Redemption

Better Auth is an authentication and authorization library for TypeScript. From 1.6.0 until 1.6.11, the @better-auth/oauth-provider POST /oauth2/token endpoint for the authorizationcode grant redeems a single-use authorization code through a non-atomic find-then-delete sequence, allowing two...

7.6CVSS6.2AI score0.00496EPSS
Exploits0References5
Rows per page
Query Builder