Lucene search
K

112 matches found

Patchstack
Patchstack
added 2026/06/24 3:28 p.m.4 views

WordPress ListingPro theme <= 2.9.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Theme ListingPro versions = 2.9.11...

6.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Suprema BioStar 安全漏洞

Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, visitor management, and video log maintenance. There were security vulnerabilities in the versions of Suprem...

10CVSS5.8AI score0.00341EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 1:9 p.m.68 views

CVE-2026-3592 Amplification vulnerabilities via self-pointed glue records

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

5.3CVSS0.00406EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: libxml2 (UTSA-2026-017422)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017422 advisory. A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an...

5.9CVSS6.7AI score0.03503EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/06 10:37 a.m.11 views

WordPress NEX-Forms – Ultimate Forms Plugin for WordPress plugin <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin NEX-Forms versions = 9.1.11...

7.2CVSS5.8AI score0.00243EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/03 4:25 a.m.4 views

CVE-2026-5063 NEX-Forms <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting via POST Parameter Key Names

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS6AI score0.00243EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-32262

Craft CMS is a content management system CMS. From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, the AssetsController-replaceFile method has a targetFilename body parameter that is used unsanitized in a deleteFile call before...

5.3CVSS5.8AI score0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 5:56 a.m.3 views

CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.3CVSS5.7AI score0.00243EPSS
Exploits0References3
NVD
NVD
added 2026/03/16 8:16 p.m.9 views

CVE-2026-32263

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.11, in src/controllers/EntryTypesController.php, the $settings array from parsestr is passed directly to Craft::configure without Component::cleanseConfig. This allows injecting Yii2 behavior/event handlers via...

8.6CVSS0.00499EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/16 6:57 p.m.4 views

CVE-2026-32263 Craft CMS vulnerable to behavior injection RCE via EntryTypesController

Craft CMS is a content management system CMS. From version 5.6.0 to before version 5.9.11, in src/controllers/EntryTypesController.php, the $settings array from parsestr is passed directly to Craft::configure without Component::cleanseConfig. This allows injecting Yii2 behavior/event handlers via...

8.6CVSS5.7AI score0.00499EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/04 3:30 p.m.3 views

EUVD-2026-9399

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

6.7CVSS6.1AI score0.00127EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/02/06 12:26 a.m.4 views

SUSE CVE-2026-1707

pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract t...

7.4CVSS5.8AI score0.00392EPSS
Exploits0References3
Fedora
Fedora
added 2026/02/05 1:0 a.m.4 views

[SECURITY] Fedora 43 Update: pgadmin4-9.11-3.fc43

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

8.2CVSS5.9AI score0.01535EPSS
Exploits0
Cvelist
Cvelist
added 2026/01/21 10:13 p.m.18 views

CVE-2026-23968 Copier safe template has arbitrary filesystem read access via symlinks when _preserve_symlinks: false

Copier is a library and CLI app for rendering project templates. Prior to version 9.11.2, Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it...

6.8CVSS0.002EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.8 views

PT-2026-3872

Name of the Vulnerable Software and Affected Versions Copier versions prior to 9.11.2 Description Copier, a library and CLI app for rendering project templates, allows a malicious template author to overwrite arbitrary files. This occurs because a safe template can write to directories outside th...

6.9CVSS5.5AI score0.00224EPSS
Exploits1References10
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.8 views

Copier security vulnerabilities

Copier is an open-source library used for rendering project templates by Copier. Versions of Copier prior to 9.11.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of symbolic links and default settings, which could lead to the inclusion of files or directories...

6.8CVSS5.8AI score0.002EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : bind-9.11.4-26.P2.10.0.1.el7.AXS7 (AXSA:2022-3876:04)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3876:04 advisory. bind: memory leak in ECDSA DNSSEC verification code CVE-2022-38177 bind: memory leaks in EdDSA DNSSEC verification code CVE-2022-38178 Tenable has...

7.5CVSS7.8AI score0.02299EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/15 3:52 p.m.2 views

CVE-2021-47762

HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated...

8.5CVSS6AI score0.00114EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.5 views

PT-2026-3038

HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables and gain elevated...

8.5CVSS7.6AI score0.00114EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/25 1:23 p.m.5 views

CVE-2025-68038

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through 5.9.14...

7.2CVSS5.9AI score0.0037EPSS
Exploits0References1
Rows per page
Query Builder