Lucene search
+L

104 matches found

EUVD
EUVD
added 2026/07/02 8:32 p.m.10 views

EUVD-2026-37821

Steeltoe: OAEP setting silently selects PKCS1 v1.5 padding...

1.9CVSS5.8AI score0.00046EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 12:17 p.m.4 views

CVE-2026-42382

Unauthenticated Local File Inclusion in Audrey = 1.5 versions...

8.1CVSS0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-42382 WordPress Audrey theme <= 1.5 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Audrey = 1.5 versions...

8.1CVSS0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.37 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37676

Unauthenticated PHP Object Injection in Mildhill = 1.5 versions...

8.1CVSS5.3AI score0.00395EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.11 views

CVE-2025-69170

Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...

8.1CVSS0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.11 views

EUVD-2026-37690

Unauthenticated PHP Object Injection in SingleMalt = 1.5 versions...

8.1CVSS5.3AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 12:47 p.m.10 views

EUVD-2025-210266

Unauthenticated Local File Inclusion in Eventicity = 1.5 versions...

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-50101

Unauthenticated Local File Inclusion in Aperitif = 1.5 versions...

8.1CVSS5.2AI score0.00423EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49547

Name of the Vulnerable Software and Affected Versions Canon EOS Network Setting Tool versions prior to 1.5.1 Description The software employs weak SSH cryptographic algorithms, which are encryption methods used to secure communication over the Secure Shell SSH protocol that are no longer consider...

9.8CVSS5.9AI score0.00184EPSS
Exploits0References10
OSV
OSV
added 2026/06/09 11:47 p.m.2 views

CVE-2026-46543 nimiq-blockchain: Genesis batch set request

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates...

5.3CVSS6AI score0.00291EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.14 views

node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification

A flaw was found in Forge also called node-forge, a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do n...

7.5CVSS5.4AI score0.00339EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.12 views

MiracleLinux 8 : ruby:3.3 (AXSA:2026-769:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-769:01 advisory. erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 Tenable has extracted the preceding description block directly from the...

8.1CVSS6AI score0.01131EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/17 12:0 a.m.8 views

Fedora 43 : apptainer (2026-6c547e9f64)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6c547e9f64 advisory. Update to upstream 1.5.0, fix CVE-2026-32285 and CVE-2026-34986 ---- Update to upstream 1.5.0-rc.2 ---- Update to upstream 1.5.0-rc.1 Tenable has...

7.5CVSS6.4AI score0.0075EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/12 11:2 a.m.14 views

CVE-2026-45214

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through = 1.5.1...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2026/04/29 12:0 a.m.105 views

Atlona ATOMERX21 - Authenticated Command Injection

// Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection // Google Dork: N/A // Date: 2025-12-28 // Exploit Author: RIZZZIOM // Vendor Homepage: https://atlona.com // Software Link: https://atlona.com/product/at-ome-rx21/ // Version: Firmware -u -p -l -P -c package main import "bytes"...

6.3CVSS5.3AI score0.01143EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.15 views

PT-2026-35222

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

8.5CVSS5.1AI score0.00653EPSS
Exploits0References6
CVE
CVE
added 2026/04/21 8:5 p.m.11 views

CVE-2026-40906

Electric’s CVE-2026-40906 describes an error-based SQL injection in the order_by parameter of the ElectricSQL /v1/shape API in Electric (Postgres sync engine). Affected versions range from 1.1.12 up to before 1.5.0; an authenticated user could craft ORDER BY expressions to read, write, and destro...

9.9CVSS5.8AI score0.00461EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/14 1:16 p.m.4 views

CVE-2026-2450

.NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0...

7.4CVSS0.00271EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:3 p.m.3 views

CVE-2026-3530

Server-Side Request Forgery SSRF vulnerability in Drupal OpenID Connect / OAuth client allows Server Side Request Forgery.This issue affects OpenID Connect / OAuth client: from 0.0.0 before 1.5.0...

5.8AI score0.00162EPSS
Exploits0References2
Rows per page
Query Builder