Lucene search
K

7293 matches found

Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.6 views

CVE-2026-40787 WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.25 views

CVE-2026-40787 WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...

7.1CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.14 views

CVE-2026-40787

The vulnerability concerns the WordPress Quiz And Survey Master plugin (versions ≤ 11.0.0). It is an unauthenticated Cross Site Scripting (XSS) flaw identified in these releases. The connected sources confirm the affected product and the XSS impact but do not specify the exact root cause, vulnera...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 3:17 p.m.33 views

CVE-2026-9863 Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS0.00579EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 3:17 p.m.7 views

CVE-2026-9863 Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS5.3AI score0.00579EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 3:17 p.m.17 views

CVE-2026-9863

CVE-2026-9863 concerns Fortra BoKS Manager, where an OS command injection vulnerability exists in the client upgrade/patch tooling for legacy tar-based installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may cause commands to be executed on the B...

7.5CVSS5.4AI score0.00579EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/15 10:18 a.m.11 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8CVSS5.5AI score0.01782EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49425

Name of the Vulnerable Software and Affected Versions Quiz And Survey Master versions prior to 11.0.1 Description Unauthenticated Cross Site Scripting XSS allows an attacker to execute malicious scripts in the victim's browser without requiring authentication. Recommendations Update to a version...

7.1CVSS5.3AI score0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49246

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS5.4AI score0.00579EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/06/13 12:3 a.m.28 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

9.8CVSS5.2AI score0.00563EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/12 6:23 p.m.14 views

GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

Summary A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...

7.2CVSS6.2AI score0.00353EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2026/06/12 6:23 p.m.9 views

GHSA-7QMG-GRCP-QF25 GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page

Summary A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...

7.2CVSS6.2AI score0.00353EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-49053

Name of the Vulnerable Software and Affected Versions GeoServer versions prior to 2.26.4 GeoServer versions prior to 2.27.3 Description An authenticated administrator with access to the security system can provide arbitrary absolute file paths to the Master Password Dump web page to create files...

7.2CVSS8.2AI score0.00353EPSS
Exploits0References9
CVE
CVE
added 2026/06/11 8:8 p.m.36 views

CVE-2026-53814

OpenClaw before 2026.5.20 contains a privilege-escalation vulnerability in which a hook-triggered agent runs with owner-scoped MCP loopback authority instead of the hook-appropriate scope. Attackers with a valid hook token can use the /hooks/agent endpoint to cause spawned CLI runtimes to access ...

8.7CVSS5.5AI score0.00281EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/11 11:39 a.m.6 views

kernel: netfilter: ctnetlink: ensure safe access to master conntrack

A flaw was found in the netfilter: ctnetlink component of the Linux kernel. This vulnerability occurs due to insufficient locking when accessing the master conntrack object, allowing it to become invalid while still being referenced. A local attacker could potentially exploit this race condition,...

7.8CVSS5.4AI score0.00096EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/11 11:39 a.m.14 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS5.5AI score0.00563EPSS
Exploits0References12
Snyk
Snyk
added 2026/06/10 11:13 p.m.6 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the ICON decoding. An attacker can cause a crash by providing a specially crafted ICON file that triggers an out-of-bounds heap write. Remediation A fix was pushed into the master branch but not yet published...

8.8CVSS5.3AI score0.00353EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.6 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable SIGKILL signal. An attacker can cause resource...

7.1CVSS5.4AI score0.00268EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.5 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the Floyd-Steinberg dithering when handling images with a mask. An attacker can cause a negative heap buffer overwrite by supplying a specially crafted image file. Remediation A fix was pushed into the master bran...

6.8CVSS5.5AI score0.00103EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:10 p.m.5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the SF3 encoder when handling crafted multi-frame images. An attacker can cause a heap buffer overwrite by submitting specially crafted image data. Remediation A fix was pushed into the master branch b...

7CVSS5.5AI score0.00112EPSS
Exploits0References2
Rows per page
Query Builder