Lucene search
K

15356 matches found

OSV
OSV
added yesterday8 views

ROOT-OS-UBUNTU-2404-CVE-2025-40168 CVE-2025-40168 in rootio-linux - Patched by Root

Root has patched CVE-2025-40168 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7CVSS5.4AI score0.0017EPSS
Exploits0
Nuclei
Nuclei
added yesterday103 views

Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

9.8CVSS6AI score0.33618EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday95 views

WordPress Core <6.5.2 - Cross-Site Scripting

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. id: CVE-2024-4439 info: name: WordPress Core 6.5.2 - Cross-Site Scripting author: nqdung2002 severity: hi...

7.2CVSS6.9AI score0.70822EPSS
Exploits4References2
Nuclei
Nuclei
added yesterday117 views

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution

Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network EPN Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An...

10CVSS7.2AI score0.98092EPSS
Exploits12References5
NVD
NVD
added yesterday7 views

CVE-2026-11390

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00252EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-58846

Name of the Vulnerable Software and Affected Versions Matter SDK connectedhomeip versions prior to 1.4.2 Description A reachable assertion issue exists within the Level Control cluster's periodic server tick logic. A remote, unauthenticated attacker can cause a denial of service by sending a...

6.1AI score
Exploits0References4
CVE
CVE
added yesterday6 views

CVE-2025-56361

The vulnerability is in the Matter SDK (connectedhomeip) 1.3–1.4. The Level Control cluster server tick callback (emberAfLevelControlClusterServerTickCallback) can abort the device when a MoveToLevel command is followed by a conflicting write to OperationMode in the Pump Configuration and Control...

6AI score
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43287

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2 days ago7 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score0.00259EPSS
Exploits0References3
NVD
NVD
added 2 days ago4 views

CVE-2026-12271

The Tutor LMS WordPress plugin before 3.9.13 does not verify ownership of the targeted quiz attempt before writing to it, allowing authenticated users with subscriber-level access and above to modify and force-complete other students' quiz attempts, overwriting their recorded marks and pass/fail...

5.4CVSS0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-12273 Tutor LMS < 3.9.13 - Subscriber+ Arbitrary Auto-Approved Comment Creation

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...

0.0017EPSS
Exploits0References1
OSV
OSV
added 2 days ago2 views

CVE-2026-7162

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...

7.8CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-7162

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...

7.8CVSS0.00103EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-7162

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...

7.8CVSS0.00103EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43268

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...

7.8CVSS6.1AI score0.00103EPSS
Exploits0References2
CVE
CVE
added 2 days ago26 views

CVE-2026-7162

CVE-2026-7162 involves an integer overflow that could allow an attacker to achieve system-level access to the affected software. The linked sources indicate a local attack vector with high impact (confidentiality, integrity, and availability all rated high) and require no user interaction, with p...

7.8CVSS6.1AI score0.00103EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57622

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software...

7.8CVSS6.1AI score0.00103EPSS
Exploits0References4
CISA KEV Catalog
CISA KEV Catalog
added 2 days ago42 views

Cisco IOS Cross-Site Request Forgery Vulnerability

Cisco IOS 12.4 contains multiple cross-site forgery vulnerabilities that allows remote attackers to execute arbitrary commands via 1 a certain "show privilege" command to the /level/15/exec/- URI, and 2 a certain "alias exec" command to the /level/15/exec/-/configure/http URI...

9.3CVSS6.3AI score0.23857EPSS
In wildExploits1
Cvelist
Cvelist
added 4 days ago39 views

CVE-2026-12126 WCFM Marketplace <= 3.7.3 - Authenticated (Vendor+) Stored Cross-Site Scripting via Attachment 'post_title'

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'posttitle' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.0021EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-12738 WP Easy Pay <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Status Modification via wpep_draft_confirm AJAX Action

The WP Easy Pay – Payment and Donation form Builder for Square plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.5.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00213EPSS
Exploits0References5
Rows per page
Query Builder