Lucene search
K

434 matches found

CVE
CVE
added 3 days ago18 views

CVE-2026-57828

The CVE-2026-57828 entry concerns the Joomla extension Phoca Downloads (Phoca.cz) with an authenticated arbitrary file upload vulnerability in the RSFiles component prior to 6.1.3. The issue allows registered users to upload executable files, enabling full remote code execution (RCE). The provide...

9CVSS6.1AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 4:6 p.m.5 views

EEF-CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

Summary The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls\handshake\1\3:handle\pre\shared\key/3, an OfferedPreSharedKeys...

8.2CVSS5.9AI score0.00487EPSS
Exploits0References6
Circl
Circl
added 2026/07/02 12:35 a.m.8 views

CVE-2026-5138

creationtimestamp| type| source ---|---|--- 2026-07-02 00:35:08+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmrxhtt7u2q 2026-07-02 02:11:31+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmxdt3ckv2y 2026-07-02 08:15:52+00:00| seen|...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.40 views

CVE-2025-63041 WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability

Contributor Broken Access Control in Forget About Shortcode Buttons = 2.1.3 versions...

5.4CVSS0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 8:1 p.m.4 views

EUVD-2026-39554

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:12 p.m.7 views

EUVD-2026-39372

Unauthenticated Local File Inclusion in MDTF = 1.3.8 versions...

8.1CVSS5.8AI score0.00274EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.5 views

EUVD-2026-39361

Contributor Sensitive Data Exposure in Elementor Website Builder = 4.1.3 versions...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/24 7:30 p.m.4 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 3:16 p.m.9 views

CVE-2026-11877

An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3...

7.5CVSS0.00178EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 5:33 a.m.22 views

CVE-2026-8622

The CVE-2026-8622 entry concerns the WordPress plugin Image Sizes on Demand (versions affected: all up to and including 1.3). The vulnerability is a Reflected Cross-Site Scripting (XSS) via the PHP_SELF server variable caused by insufficient input sanitization and output escaping. It allows unaut...

6.1CVSS6AI score0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 4:17 a.m.10 views

CVE-2026-3652

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 2:29 a.m.37 views

CVE-2026-3652 ARForms <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting via 'value' Parameter

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 2:29 a.m.29 views

CVE-2026-3652

CVE-2026-3652: The ARForms WordPress plugin is vulnerable to an Unauthenticated Stored Cross-Site Scripting (XSS) via the value parameter of the arf_save_incomplete_form_data AJAX action. Affected are all versions up to 7.1.3. The root cause is insufficient input sanitization and output escaping,...

7.2CVSS6AI score0.0019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51650

Name of the Vulnerable Software and Affected Versions ARForms versions prior to 7.1.4 Description Insufficient input sanitization and output escaping in the ARForms plugin allow unauthenticated attackers to perform Stored Cross-Site Scripting XSS. By exploiting the value parameter of the arf save...

7.2CVSS6AI score0.0019EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.18 views

PT-2026-51819

Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions prior to 5.1.3 Description An unauthorized user can modify configuration through API calls, which impacts the OpenText Access Manager. Recommendations Update OpenText Access Manager to version 5.1.3 or later...

6.3CVSS5.8AI score0.00178EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/22 3:32 p.m.7 views

CVE-2026-41049 Caching of Authentication allows Authentication Bypass between users in qSnapper

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.12 views

EUVD-2025-210259

Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme = 3.1.3 versions...

8.8CVSS5.3AI score0.00482EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 2:17 p.m.9 views

CVE-2026-40733

Unauthenticated PHP Object Injection in ShiftUp = 1.3 versions...

8.1CVSS0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.15 views

CVE-2025-69125

Technical details about CVE-2025-69125 (WordPress Food Drop theme ≤1.3 LFI) are not provided in the supplied documents. Monitor for updates and future advisories to obtain affected versions, impact, and remediation information.

8.1CVSS5.1AI score0.00348EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36913

Unauthenticated PHP Object Injection in Broadcast Live Video 7.1.3 versions...

9.8CVSS5.3AI score0.00386EPSS
Exploits0References2
Rows per page
Query Builder