Lucene search
+L

5081 matches found

Cvelist
Cvelist
added 2026/07/07 4:17 p.m.34 views

CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS0.00758EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/07/07 3:37 p.m.5 views

CVE-2026-54316

A flaw was found in Claude Code, an agentic coding tool. An attacker could exploit a misconfiguration in the tool's web request functionality, known as WebFetch, where the huggingface.co domain was pre-approved without proper path restrictions. By injecting untrusted content into a Claude Code...

9.1CVSS5.9AI score0.00403EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 2:49 p.m.33 views

CVE-2026-55110

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS0.00141EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 2:49 p.m.18 views

EUVD-2026-41388

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS5.7AI score0.00141EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:33 a.m.16 views

CVE-2026-57760

CVE-2026-57760 affects the WordPress Sendcloud Shipping plugin

5.3CVSS5.8AI score0.00184EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53338

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by...

6AI score0.00154EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 8:45 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the helm.repo process when the helmRepoURLRegex field is not set on a GitRepo resource. An attacker with git push access to a monitored repository can cause the system to forward Helm authentication...

5.3CVSS6.1AI score0.00386EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.7 views

CVE-2026-57721

Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6...

5.3CVSS0.00184EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 5:16 p.m.7 views

CVE-2026-57720

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...

4.3CVSS0.00203EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:56 p.m.7 views

CVE-2026-57721

Missing Authorization vulnerability in WP Reloaded ApplyOnline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline: from n/a through 2.6.7.6...

5.3CVSS5.8AI score0.00184EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:55 p.m.8 views

EUVD-2026-41091

Missing Authorization vulnerability in Codexpert Inc ThumbPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThumbPress: from n/a through 6.3.2...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 4:7 p.m.10 views

EUVD-2026-41055

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13...

5.3CVSS5.8AI score0.002EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 7:16 a.m.15 views

CVE-2026-11794

The Advanced Form Integration — Connect Forms to 200+ Apps WordPress plugin before 2.1.1 does not restrict the WordPress role assigned when it creates a user from a public form submission, allowing unauthenticated visitors to create an administrator account when an active integration maps the use...

8.1CVSS0.00236EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 10:8 p.m.4 views

CVE-2026-56356 n8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS Field

n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...

5.1CVSS5.8AI score0.00177EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 7:39 p.m.7 views

EUVD-2026-40392

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.8AI score0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:39 p.m.8 views

CVE-2026-12084

IBM UCD - IBM DevOps Deploy 8.1 through 8.1.2.6, and 8.2 through 8.2.1.0 uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 1:36 p.m.41 views

CVE-2025-53648 Apache Gravitino: SQL misconfiguration can access or truncate files

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 1:36 p.m.7 views

EUVD-2025-210372

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

5.4CVSS5.7AI score0.00348EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 1:36 p.m.28 views

CVE-2025-53648

CVE-2025-53648 affects Gravitino UI prior to 1.0.0, where a SQL misconfiguration can allow a malicious user to read or truncate files. The vulnerability is triggered by improper SQL handling in the Gravitino UI, impacting versions 1.0.0 and earlier. Upgrading to version 1.0.0 (as recommended) fix...

5.4CVSS5.7AI score0.00348EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/30 1:36 p.m.6 views

CVE-2025-53648 Apache Gravitino: SQL misconfiguration can access or truncate files

SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended to upgrade to version 1.0.0, which fixes this issue...

5.4CVSS5.9AI score0.00348EPSS
Exploits0References5
Rows per page
Query Builder