Cvelist
added 9 hours ago, 5 views

CVE-2026-27436 WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Execution vulnerability

Editor Arbitrary Code Execution in Five Star Business Profile and Schema <= 2.3.19 versions...

9.1 CVSS
Exploits 0, References 1
Cvelist
added 9 hours ago, 4 views

CVE-2026-27414 WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Werkstatt <= 4.8.3 versions...

8.8 CVSS
Exploits 0, References 1
Nuclei
added 10 hours ago, 20 views

NocoBase - SQL Injection

NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...

7.2 CVSS, 5.8 AI score, 0.01833 EPSS
Exploits 1, References 2
Nuclei
added 10 hours ago, 17 views

MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting

paintballrefjosh/MaNGOSWebV4 < 4.0.8 contains a reflected XSS caused by unsanitized input in the install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser; exploitation requires the victim to visit a maliciously crafted URL. id: CVE-2017-6478 info: name: MaNGOSWebV4...

6.1 CVSS, 6.6 AI score, 0.02574 EPSS
Exploits 6, References 4
Nuclei
added 10 hours ago, 16 views

CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution

CWP (Control Web Panel) < 0.9.8.1205 contains a remote code execution caused by shell metacharacters in the ttotal parameter of a filemanager changePerm request, letting unauthenticated attackers execute code remotely; exploitation requires knowledge of a valid non-root username. id: CVE-2025-48703 info:...

9 CVSS, 8.1 AI score, 0.99589 EPSS
Exploits 3, References 2
Nuclei
added 10 hours ago, 110 views

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page; exploitation requires the victim to visit ...

6.1 CVSS, 6.4 AI score, 0.04055 EPSS
Exploits 1, References 2
ATTACKERKB
added yesterday, 4 views

CVE-2026-54712

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...

5.3 CVSS, 5.8 AI score
Exploits 0, References 2, Affected Software 1
ATTACKERKB
added yesterday, 3 views

CVE-2026-54263

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a reflected cross-site scripting (XSS) vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for...

7.3 CVSS, 5.5 AI score
Exploits 0, References 2, Affected Software 1
ATTACKERKB
added yesterday, 3 views

CVE-2026-54261

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5 CVSS, 5.6 AI score
Exploits 0, References 2, Affected Software 1
CVE
added yesterday, 18 views

CVE-2026-54164

Summary: API Platform Core versions prior to 4.1.30, 4.2.26 and 4.3.12 contain a type confusion in the serializer's AbstractItemNormalizer when resolving relation IRIs. An attacker able to submit write requests (POST/PUT/PATCH) to an API endpoint with writable relations can supply a relation IRI ...

6.5 CVSS, 5.7 AI score
Exploits 0, References 1
Cvelist
added yesterday, 24 views

CVE-2026-53492 containerd CRI checkpoint restore CDI annotation smuggling

containerd is an open-source container runtime. In versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface (CDI) annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

8.4 CVSS
Exploits 0, References 1
CVE
added yesterday, 7 views

CVE-2026-58520

CVE-2026-58520 affects the Wikimedia Foundation MediaWiki UrlShortener Extension. The issue is an open redirect (URL redirection to an untrusted site) in the UrlShortener extension, impacting versions before 1.43.9, 1.44.6, and 1.45.4. The connected documents provide the vulnerability descrip...

6.9 CVSS, 5.6 AI score
Exploits 0, References 2
NVD
added yesterday, 5 views

CVE-2026-58026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with the program file includes/Parser/Parser.php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

Exploits 0, References 1
CVE
added yesterday, 8 views

CVE-2026-6683

CVE-2026-6683 describes a divide-by-zero in FatFs exFAT sync for FatFs R0.16 and earlier. The bug arises when crafted metadata causes the expression n_fatent - 2 to be zero during write/sync, mapping to CWE-369 (Divide By Zero). The vulnerability is applicable to FatFs versions ending at R0.16 an...

4.6 CVSS, 5.8 AI score
Exploits 2, References 4, Affected Software 1
EUVD
added yesterday, 4 views

EUVD-2026-40718

Inappropriate implementation in File Input in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8 AI score, 0.00174 EPSS
Exploits 0, References 3
EUVD
added yesterday, 5 views

EUVD-2026-40521

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8 AI score, 0.00208 EPSS
Exploits 0, References 3
Debian CVE
added 2 days ago, 4 views

CVE-2026-54898

Oj (Optimized JSON) is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1 CVSS, 5.9 AI score, 0.00117 EPSS
Exploits 0
Debian CVE
added 2 days ago, 3 views

CVE-2026-13918

Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8 CVSS, 5.8 AI score, 0.00208 EPSS
Exploits 0
NVD
added 2 days ago, 8 views

CVE-2026-48276

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10 CVSS, 0.00917 EPSS
Exploits 0, References 1
CVE
added 2 days ago, 9 views

CVE-2026-48277

CVE-2026-48277 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Input Validation that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction (network access implied by CVSS). No remediation or patch ...

10 CVSS, 6.4 AI score, 0.00855 EPSS
Exploits 0, References 1, Affected Software 1