Lucene search
K

13149 matches found

CVE
CVE
added 3 hours ago6 views

CVE-2026-58410

ChurchCRM is an open-source church management system. Prior to version 7.4.0, there was an authorization flaw in the family-scoped endpoints which allowed low-privileged users to read and modify other families’ records. An authenticated non-admin user with EditSelf access can supply another...

7.1CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 18 hours ago10 views

Blinko < 1.8.4 - Path Traversal

Blinko 1.8.4 contains a path traversal vulnerability caused by lack of permission checks and filtering on the temp/ path in the file server endpoint, letting unauthorized attackers read arbitrary files including backup files with user notes and tokens, exploit requires no special privileges. id:...

8.2CVSS6.2AI score0.01523EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago100 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field. id: CVE-2018-19914 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS6.3AI score0.03316EPSS
Exploits5References5
Nuclei
Nuclei
added 18 hours ago21 views

WordPress Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Remote Code Execution

Print Invoice & Delivery Notes for WooCommerce plugin for WordPress = 5.8.0 contains a remote code execution caused by missing capability check, PHP enabled in Dompdf, and missing escape in template.php, letting unauthenticated attackers execute code on the server. id: CVE-2025-13773 info: name:...

9.8CVSS6.6AI score0.032EPSS
Exploits0References3
NVD
NVD
added 3 days ago4 views

CVE-2026-55880

OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that their sibling read and edit functions use: notes.delete filtered only on note id and project id, while dashboards.updatewidget an...

7.1CVSS0.00195EPSS
Exploits0References1
CVE
CVE
added 3 days ago7 views

CVE-2026-55880

OpenReplay CVE-2026-55880 affects OpenReplay self-hosted session replay (versions 1.27.0 and earlier). The root cause is that three mutation operations—notes.delete, dashboards.update_widget, and dashboards.remove_widget—executed SQL without the ownership predicate used by their read/edit sibling...

7.1CVSS6.1AI score0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-55880 OpenReplay: Cross-user IDOR in notes and dashboard widgets

OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that their sibling read and edit functions use: notes.delete filtered only on note id and project id, while dashboards.updatewidget an...

7.1CVSS0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-21050

Improper access control in SmartThingsKit prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

5.1CVSS0.00105EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-12433

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS0.00435EPSS
Exploits0References10
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42550

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 4 days ago8 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.93 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.93 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

9.8CVSS6.7AI score0.01557EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 5 days ago8 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.14.3 security update

Red Hat Advanced Cluster Management for Kubernetes 2.14 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.14 images Red Hat Advanced Cluster Management for Kubernetes provides...

10CVSS7AI score0.025EPSS
Exploits27References42
RedHat Linux
RedHat Linux
added 5 days ago12 views

Important: Red Hat Security Advisory: RHACS 4.10.5 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

9.4CVSS6.8AI score0.00813EPSS
Exploits0References17
Cvelist
Cvelist
added 6 days ago25 views

CVE-2026-50179 Actual: CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix...

4.2CVSS0.00286EPSS
Exploits0References3
CVE
CVE
added 6 days ago14 views

CVE-2026-50179

CVE-2026-50179 affects Actual Budget prior to version 26.6.0 where exportToCSV/exportQueryToCSV passed user-controlled Payee/Notes/Account/Category strings to csv-stringify without a cast callback, allowing formula prefixes (e.g., =, +, -, @, tab, CR) to survive in CSV cells. When opened in Excel...

4.2CVSS6AI score0.00286EPSS
Exploits0References3
OSV
OSV
added 6 days ago7 views

CVE-2026-50179 Actual: CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix...

4.2CVSS6AI score0.00286EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago4 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.1.7 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 8.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.5CVSS6AI score0.00246EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 6 days ago17 views

Important: Red Hat Security Advisory: RHACS 4.9.9 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

9.4CVSS6.8AI score0.00813EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 6 days ago5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.28 bug fix and security update

Red Hat OpenShift Container Platform release 4.20.28 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

9.2CVSS6AI score0.00848EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 6 days ago7 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.23 bug fix and security update

Red Hat OpenShift Container Platform release 4.21.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...

9.1CVSS6AI score0.01557EPSS
Exploits1References3
Rows per page
Query Builder