Lucene search
K

72955 matches found

CNNVD
CNNVD
added 2026/06/06 12:0 a.m.5 views

WordPress plugin Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.3AI score0.00214EPSS
Exploits0References9
OSV
OSV
added 2026/06/05 11:16 p.m.6 views

DEBIAN-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

5.3CVSS6.3AI score0.00408EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 11:16 p.m.11 views

CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS0.00408EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 10:6 p.m.10 views

CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.4AI score0.00408EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 10:6 p.m.9 views

CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

7.5CVSS6.6AI score0.01386EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/05 10:6 p.m.10 views

CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS6.3AI score0.00408EPSS
Exploits0
NVD
NVD
added 2026/06/05 8:17 p.m.12 views

CVE-2026-25623

An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall NGFW. Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions...

7CVSS0.06174EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 8:17 p.m.13 views

CVE-2026-25621

A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed...

7CVSS0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:55 p.m.12 views

CVE-2026-36460

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...

4.8CVSS5.5AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-24819

Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application...

5.7CVSS5.5AI score0.00211EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.7 views

CVE-2025-62338

HCL BigFix Cloud Lifecycle Management is affected by lack of input validation. This low-level flaw allows unauthorized access and may lead to information exposure...

3.3CVSS5.4AI score0.001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-34685

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing. are affected by an Improper Input...

3.4CVSS5.4AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-3254

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content into another user's browser due to improper input validation in the Mermaid sandbox...

3.5CVSS5.5AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.8 views

CVE-2026-9245

Improper input validation in the external authentication provider flow in Devolutions Server allows an unauthenticated remote attacker to redirect victims to an attacker-controlled domain via a crafted login link. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions...

5CVSS5.5AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.8 views

CVE-2026-28860

The issue was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A local attacker may be able to modify the state of the...

7.5CVSS5.4AI score0.0038EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.7 views

CVE-2026-28897

A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A local user may be able to cause unexpected system...

6.2CVSS5.7AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-31378

Improper Input Validation vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

6.5CVSS5.4AI score0.00574EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.9 views

CVE-2026-0085

In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-0070

In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.7AI score0.00071EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-0018

In multiple functions of AccessibilityManagerService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00071EPSS
Exploits0References1
Rows per page
Query Builder