Lucene search
+L

352 matches found

NVD
NVD
added 2026/07/04 12:17 p.m.11 views

CVE-2026-53361

In the Linux kernel, the following vulnerability has been resolved: afunix: Set gcinprogress to true in unixgc. Igor Ushakov reported that unixgc could run with gcinprogress being false if the work is scheduled while running: Thread 1 Thread 2 Thread 3 -------- -------- -------- unixschedulegc...

0.00171EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 7:53 a.m.20 views

CVE-2026-13733

The CVE-2026-13733 entry affects the WordPress Download Manager plugin (versions up to 3.3.60). A Stored Cross-Site Scripting flaw exists in the no_data_msg shortcode attribute due to insufficient input sanitization and output escaping. This allows authenticated attackers with contributor-level a...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/01 7:53 a.m.7 views

CVE-2026-13733

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'nodatamsg' Shortcode Attribute in all versions up to, and including, 3.3.60 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References9
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-558 Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

A Path Traversal vulnerability in the partitionmsg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. Impact An attacker can craft a malicious .msg file with attachment filenames containing path traversal...

9.8CVSS8.1AI score0.00616EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-52989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it trigger...

9.8CVSS6AI score0.00347EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38857

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmettcpbuildpduiovec errors to its callers Currently, when nvmettcpbuildpduiovec detects an out-of-bounds PDU length or offset, it triggers nvmettcpfatalerrorcmd-queue and returns early. However, because the...

5.7AI score0.00347EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.15 views

CVE-2026-41661

Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msgwindow.php. The endpoint passes user input through htmlspecialchars, which does not encode...

6.1CVSS5.7AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.13 views

CVE-2026-6161

A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/06/04 12:0 p.m.7 views

ate (>=0.1.0 <=0.8.0), ate-auth (>=1.1.0 <=1.6.0) +19 more potentially affected by unknown CVE via pqcrypto-falcon (>=0.2.10 <=0.4.1)

pqcrypto-falcon CARGO version =0.2.10, =0.1.0, =1.1.0, =1.0.0, =1.1.0, =0.1.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =0.12.2, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0165...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/04 12:0 p.m.6 views

b4ae (>=2.1.1 <=2.1.3), clatter (>=2.0.0 <=2.2.0) +7 more potentially affected by unknown CVE via pqcrypto-mlkem (=0.1.1)

pqcrypto-mlkem CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on pqcrypto-mlkem and may be impacted: - b4ae =2.1.1, =2.0.0, =0.1.0, =0.18.0, =0.1.0, =0.1.9 - uvb-crypto-pqc =0.2.1 - zipher =0.1.8 Source cves: unknown CVE Source...

5.7AI score
Exploits0
NVD
NVD
added 2026/06/02 10:16 p.m.12 views

CVE-2026-10650

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

6.9CVSS0.00429EPSS
Exploits0References8
CVE
CVE
added 2026/06/02 9:15 p.m.152 views

CVE-2026-10650

warmcat libwebsockets (up to 4.5.8) contains a flaw in the SSH Protocol Handler: lws_ssh_parse_plaintext (plugins/protocol_lws_ssh_base/sshd.c) can be triggered by manipulating msg_len, leading to resource consumption. The issue can be exploited remotely; a proof-of-concept exploit has been publi...

6.9CVSS5.7AI score0.00429EPSS
Exploits0References8
CVE
CVE
added 2026/06/02 5:45 p.m.30 views

CVE-2026-10607

The vulnerability CVE-2026-10607 affects DedeCMS 5.7.88. The issue resides in the function dede_htmlspecialchars in /plus/flink.php, where manipulation of the msg argument leads to an SQL injection. Attacks can be remote, and exploitation is publicly available. Impact is described as potentially ...

7.5CVSS7AI score0.00313EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:45 p.m.12 views

CVE-2026-10607

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dedehtmlspecialchars of the file /plus/flink.php. The manipulation of the argument msg leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00313EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

DesDev DedeCMS SQL注入漏洞

DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation, based on PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.88 of DesDev DedeCMS contains a SQL injection vulnerabilit...

7.5CVSS5.6AI score0.00313EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Libwebsockets 安全漏洞

Libwebsockets is a standardized network library open-sourced by the lws-team. Versions of Libwebsockets 4.5.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the lwssshParseplaintext function in the SSH Protocol Handler component’s plugins/protocollwssshbase/sshd.c...

6.9CVSS5.3AI score0.00429EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45818

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.88 Description A remote SQL injection is possible through the manipulation of the msg argument within the dede htmlspecialchars function located in the '/plus/flink.php' file. Recommendations As a temporary workaround,...

7.5CVSS7.3AI score0.00313EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/28 3:55 a.m.11 views

SUSE CVE-2026-45964

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References12
EUVD
EUVD
added 2026/05/27 3:33 p.m.15 views

EUVD-2026-32248

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...

5.8AI score0.0016EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/25 8:0 p.m.28 views

CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS0.00295EPSS
Exploits0References4
Rows per page
Query Builder