Lucene search
K

502 matches found

OSV
OSV
added 6 days ago2 views

CVE-2026-53987 GLPI 11 before 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS5.8AI score0.00341EPSS
Exploits0References6
Snyk
Snyk
added last week6 views

External Control of File Name or Path

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to External Control of File Name or Path via request-supplied OIDC file references through the /health/testconnection handler in litellm/proxy/healthendpoints/healthendpoints....

6.9CVSS6.2AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/08 3:56 p.m.6 views

CVE-2026-44918

A flaw was found in OpenStack Ironic. An authenticated project manager can change the node associated with Volume Connectors or Volume Target objects, potentially changing the project permitted to access the object. Volume Connectors contain secrets in environments configuring boot from volume wi...

8.7CVSS5.9AI score0.00426EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 11:30 a.m.33 views

CVE-2026-12936 Recurio <= 1.1.3 - Authenticated (Shop Manager+) SQL Injection via 'data' Parameter

The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00266EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 11:30 a.m.6 views

EUVD-2026-42216

The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS6AI score0.00266EPSS
Exploits0References4
CVE
CVE
added 2026/07/07 3:13 a.m.13 views

CVE-2026-42147

Coolify vulnerability CVE-2026-42147 affects prior to 4.0.0-beta.474: testConnection() validates only URL format for the S3 storage endpoint, allowing an authenticated user with storage management permissions to trigger server-side requests to internal or metadata-service URLs. This can enable SS...

4.9CVSS5.9AI score0.00255EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 8:33 a.m.4 views

CVE-2026-10104

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.00263EPSS
Exploits1References9
NVD
NVD
added 2026/07/02 6:16 a.m.10 views

CVE-2026-11578

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This require...

2.7CVSS0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 6:0 a.m.10 views

EUVD-2026-41253

The Fluent Forms WordPress plugin before 6.2.5 does not properly restrict the deletion of form submission entries to the forms a restricted Manager is authorized to manage, allowing a Manager limited to specific forms to permanently delete submission entries belonging to other forms. This require...

2.7CVSS5.8AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/26 7:9 a.m.6 views

CVE-2026-40083

A flaw was found in Cacti. This vulnerability, a SQL Injection, allows a remote attacker with SNMP Simple Network Management Protocol agent management permissions to execute arbitrary SQL commands. The flaw occurs due to unsanitized deserialization of user-controlled input in the managers.php fil...

7.2CVSS6.1AI score0.00279EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 11:17 p.m.3 views

DEBIAN-CVE-2026-40083

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS5.9AI score0.00279EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 10:39 p.m.41 views

CVE-2026-40083 Cacti: SQL Injection in managers.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have SQL Injection through unsanitized unserialize+implode in managers.php. At line 756 of managers.php, the application assigns $selecteditems by calling...

7.2CVSS0.00279EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 10:39 p.m.23 views

CVE-2026-40083

Cacti 1.2.30 and earlier are impacted by an SQL Injection in managers.php. The vulnerability arises from unsanitized data flow: user-supplied selected_graphs_array is deserialized via cacti_unserialize (unserialize with allowed_classes = false), then deserialized values are directly concatenated ...

7.2CVSS6AI score0.00279EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52626

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An issue exists in the performance and fault management framework where improper handling of deserialized data leads to SQL Injection. In the 'managers.php' file, the application processes the selecte...

7.2CVSS5.9AI score0.00279EPSS
Exploits1References10
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36934

Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...

7.2CVSS5.2AI score0.00382EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 8:17 p.m.19 views

CVE-2026-39498

The Connected document identifies CVE-2026-39498-related details: a PHP Object Injection vulnerability in the WordPress YayMail plugin , affecting versions ≤ 4.3.3 and discovered by daroo . No additional root-cause, impact, exploit, or remediation details are provided in the sources. Monitor for ...

7.2CVSS5.3AI score0.00359EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.32 views

CVE-2026-39472 WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...

7.2CVSS0.00446EPSS
Exploits0References1
Veracode
Veracode
added 2026/06/15 11:43 a.m.10 views

Code Injection

Apache Flink is vulnerable to Code Injection. The vulnerability is due to improper escaping of user-controlled strings during SQL code generation, which allows an authenticated attacker to inject arbitrary Java code and execute it on TaskManagers through specially crafted SQL queries...

8.1CVSS6AI score0.00381EPSS
Exploits0References5Affected Software3
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.10 views

CVE-2026-35194

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

8.1CVSS6.2AI score0.00381EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.16 views

PT-2026-48902

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description Netty is a network application framework used for developing protocol servers and clients. The SimpleTrustManagerFactory.engineGetTrustManagers function and...

7.8CVSS5.3AI score0.00269EPSS
Exploits0References67
Rows per page
Query Builder