Lucene search
K

40 matches found

Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52426

Name of the Vulnerable Software and Affected Versions H5P versions prior to 1.17.7 Description An unauthenticated Cross Site Scripting XSS issue exists, allowing an attacker to execute malicious scripts in the browser of a user without requiring authentication. Recommendations Update to a version...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 9:32 p.m.4 views

CVE-2026-35406 Aardvark-dns has incorrect error handling for malformed tcp packets

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

6.2CVSS5.9AI score0.00383EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/20 12:24 a.m.5 views

SUSE CVE-2026-31973

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the cramdecodecompressionheader was missing. If the function returned ...

7.5CVSS5.8AI score0.00523EPSS
Exploits0References3
NVD
NVD
added 2026/03/16 2:19 p.m.8 views

CVE-2026-32709

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

6.8CVSS0.00476EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/13 9:39 p.m.31 views

CVE-2026-32724 PX4 autopilot has a heap Use-After-Free in MavlinkShell::available() via SERIAL_CONTROL Race Condition

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

5.3CVSS0.00251EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/09 6:31 p.m.3 views

EUVD-2025-208437

An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity 4.19 was discovered in mscdex ssh2 v1.17.0...

5.8AI score0.00339EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/05 3:23 a.m.30 views

CVE-2026-2365 Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fluentformstepformsavedata AJAX action in all versions up to, and including, 6.1.17. This is due to the draft form submission endpoint being publicly accessible without authentication or nonce...

7.2CVSS0.00263EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/27 7:6 a.m.7 views

WordPress Fluent Forms Pro Add On Pack plugin <= 6.1.17 - Missing Authorization to Unauthenticated Payment Status modification vulnerability

Missing Authorization to Unauthenticated Payment Status modification vulnerability discovered by Prickly Cactus in WordPress Plugin Fluent Forms Pro Add On Pack versions = 6.1.17...

7.5CVSS5.3AI score0.00139EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/31 12:0 a.m.4 views

Fedora 43 : bind9-next (2026-b31c8d8e83)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-b31c8d8e83 advisory. Update to 9.21.17 rhbz2415843 Security Fixes: - Fix incorrect length checks for BRID and HHIT records. CVE-2025-13878 New Features: - Add support for Extende...

7.5CVSS5.9AI score0.08219EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/18 7:21 a.m.2 views

CVE-2025-58927 WordPress Stallion theme <= 1.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Stallion stallion allows PHP Local File Inclusion.This issue affects Stallion: from n/a through = 1.17...

8.1CVSS6.7AI score0.00445EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.3 views

WordPress plugin Soleil 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

8.1CVSS6.6AI score0.00415EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.3 views

PT-2025-52078

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Stallion stallion allows PHP Local File Inclusion.This issue affects Stallion: from n/a through = 1.17...

7.1AI score0.00445EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/11/04 8:24 p.m.6 views

WordPress Booking Manager plugin <= 2.1.17 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jan Barszcz in WordPress Plugin Booking Manager versions = 2.1.17...

6.5CVSS6.1AI score0.00134EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2025/10/27 12:0 a.m.6 views

Important: pcs

Issue Overview: Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid...

7.5CVSS6.7AI score0.00868EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/09/24 6:31 p.m.6 views

CVE-2025-58691

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Russell Jamieson Genesis Club Lite genesis-club-lite allows Stored XSS.This issue affects Genesis Club Lite: from n/a through = 1.17...

6.5CVSS5.9AI score0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/22 6:23 p.m.9 views

CVE-2025-58224 WordPress Printeers Print & Ship Plugin <= 1.17.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Printeers Printeers Print & Ship allows Cross Site Request Forgery. This issue affects Printeers Print & Ship: from n/a through 1.17.0...

5.4CVSS0.00127EPSS
Exploits0References1
NVD
NVD
added 2025/09/09 11:15 p.m.57 views

CVE-2025-59039

Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

9.3CVSS0.00312EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/07/23 11:22 p.m.4 views

SUSE CVE-2025-51480

Path Traversal vulnerability in onnx.externaldatahelper.saveexternaldata in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted externaldata.location paths containing traversal sequences, bypassing intended directory restrictions...

8.8CVSS7AI score0.00578EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.4 views

Cilium 安全漏洞

Cilium is an open source software from Cilium Open Source. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. A security vulnerability exists in Cilium versions v1.16.0 through v1.16.7 a...

4.7CVSS5AI score0.00197EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2024/11/18 6:15 p.m.2 views

CVE-2023-49952

Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...

7.5CVSS5.8AI score0.00458EPSS
Exploits0References3
Rows per page
Query Builder