Lucene search
8416 matches found

NVD, added yesterday
CVE-2026-48276

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

CVSS 10 | Exploits: 0 | References: 1

CVE, added yesterday
CVE-2026-48277

CVE-2026-48277 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Input Validation that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction (network access implied by CVSS). No remediation or patch ...

CVSS 10, AI score 6.4 | Exploits: 0 | References: 1 | Affected software: 1

RedHat Linux, added yesterday
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

CVSS 8.2, AI score 6.6, EPSS 0.00558 | Exploits: 0 | References: 5

Nuclei, added 2 days ago
NocoBase - SQL Injection

NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...

CVSS 7.2, AI score 5.8, EPSS 0.01833 | Exploits: 1 | References: 2

Nuclei, added 3 days ago
Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page; exploitation requires the victim to visit ...

CVSS 6.1, AI score 6.4, EPSS 0.04055 | Exploits: 1 | References: 2

Nuclei, added 3 days ago
MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting

paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in the install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser; exploitation requires the victim to visit a maliciously crafted URL. id: CVE-2017-6478 info: name: MaNGOSWebV4...

CVSS 6.1, AI score 6.6, EPSS 0.02574 | Exploits: 6 | References: 4

CVE, added 5 days ago
CVE-2026-53576

Kestra prior to versions 1.0.45 and 1.3.21 contained an authentication filter bypass on the REST API. Requests whose path ends in /configs were treated as the public instance-config endpoint and forwarded without credential checks, allowing anonymous access to resources such as /api/v1/{tenant}/f...

CVSS 10, AI score 5.8, EPSS 0.00471 | Exploits: 1 | References: 1

EUVD, added 5 days ago
EUVD-2026-39646

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

CVSS 5.8, AI score 5.8, EPSS 0.00145 | Exploits: 0 | References: 1

Positive Technologies, added 5 days ago
PT-2026-52727

Name of the vulnerable software and affected versions: wpDataTables versions 7.4 and earlier. Description: An unauthenticated SQL Injection exists in the software. SQL Injection is a type of vulnerability that allows an attacker to interfere with the queries that an application makes to its database...

CVSS 9.3, AI score 5.9, EPSS 0.00283 | Exploits: 0 | References: 3

Cvelist, added 6 days ago
CVE-2026-9222 Setracker2 Children's Smartwatch Ecosystem Use of password hash instead of password for authentication

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access...

CVSS 9.2, EPSS 0.00242 | Exploits: 0 | References: 1

CVE, added 6 days ago
CVE-2026-50573

Summary: CVE-2026-50573 affects pnpm prior to 10.34.0 and 11.4.0. In non-frozen mode, when a locked package's integrity conflicts with later registry content, pnpm may report an integrity mismatch but then perform a resolution repair, update the lockfile with the registry's new integrity, and ins...

CVSS 8.1, AI score 5.9, EPSS 0.00113 | Exploits: 1 | References: 1 | Affected software: 1

NVD, added 6 days ago
CVE-2026-46732

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of...

CVSS 7, EPSS 0.00075 | Exploits: 0 | References: 1

Cvelist, added 6 days ago
CVE-2026-56071 WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions...

CVSS 7.1, EPSS 0.0018 | Exploits: 0 | References: 1

CVE, added 6 days ago
CVE-2026-54828

WordPress Motors plugin for WordPress, versions <= 1.4.109, has an unauthenticated Broken Access Control vulnerability. Affects Motors plugin core files/components on affected installs; CVSS 3.1 base score 7.5 (High) with network access, low attack complexity, no privileges required, no user i...

CVSS 7.5, AI score 5.8, EPSS 0.00238 | Exploits: 0 | References: 1

Patchstack, added 6 days ago
WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Subscriptions for WooCommerce versions <= 1.9.5...

CVSS 7.5, AI score 5.8, EPSS 0.00246 | Exploits: 0 | Affected software: 1

NVD, added 6 days ago
CVE-2026-39951

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graphnameregexp in the Reports feature. This issue has been fixed in version 1.2.31...

CVSS 8.8, EPSS 0.00221 | Exploits: 0 | References: 2

NVD, added last week
CVE-2026-49277

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12, Rocket.Chat does not revoke OAuth bearer or refresh tokens when a user is deactivated. A deactivated user can continue using an existing OAuth...

CVSS 2.3, EPSS 0.00215 | Exploits: 0 | References: 1

CVE, added last week
CVE-2026-12537

Summary (CVE-2026-12537): The vulnerability affects Google Gemini CLI container launcher (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms. It stems from improper neutralization in an OS command, enabling an unprivileged attacker ...

CVSS 10, AI score 6.3, EPSS 0.00314 | Exploits: 0 | References: 1

Vulnrichment, added last week
CVE-2026-57281

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the...

AI score 6, EPSS 0.00594 | Exploits: 0 | References: 1

CBLMariner, added 2026/06/24 1:46 a.m.
CVE-2026-8643 affecting package python-virtualenv for versions less than 20.36.1-5

CVE-2026-8643 affecting package python-virtualenv for versions less than 20.36.1-5. A patched version of the package is available...

CVSS 8, AI score 5.8, EPSS 0.00275 | Exploits: 0