Lucene search
K

34749 matches found

Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57802 WordPress Struktur theme <= 2.5.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago26 views

CVE-2026-57790 WordPress Billey theme <= 2.1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeMove Billey billey allows PHP Local File Inclusion.This issue affects Billey: from n/a through = 2.1.8...

7.5CVSS0.00496EPSS
Exploits0References1
CVE
CVE
added 2 days ago15 views

CVE-2026-57801

Technical details are not publicly available in the provided documents for CVE-2026-57801. Monitor for updates.

7.5CVSS6.1AI score0.00496EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57740 WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-57695 WordPress Document Gallery plugin <= 5.1.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dan Rossiter Document Gallery document-gallery allows Reflected XSS.This issue affects Document Gallery: from n/a through = 5.1.0...

7.1CVSS0.00184EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-57424

CVE-2026-57424 affects the WordPress plugin Razorpay Payment Links for WooCommerce (rzp-woocommerce). Multiple sources describe a Missing Authorization / Broken Access Control vulnerability in versions up to and including 2.1.4, allowing exploitation of improperly configured access control. Conne...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2 days ago4 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

7.5CVSS6AI score0.00326EPSS
Exploits0References6
Nuclei
Nuclei
added 2 days ago23 views

VMware Workspace ONE Access - Authentication Bypass

VMware Workspace ONE Access has two authentication bypass vulnerabilities CVE-2022-22955 & CVE-2022-22956 in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. id: CVE-2022-22956...

9.8CVSS7.2AI score0.50694EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2 days ago4 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

6.5CVSS6AI score0.00235EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2 days ago3 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

7.5CVSS6AI score0.00374EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-57768

Missing Authorization vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.1...

7.1CVSS6.1AI score0.00226EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-39042

An issue in MikroTIk SIA Mikrotikls, Latvia RouterOS 7.21.x before v.7.21.4 and 7.22.x before v.7.22.2 allows a remote attacker to cause a denial of service via the unflatten function in libumsg.so...

0.00204EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-57920

Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.11.0 Description The GitHub Gist export flow fails to properly validate the OAuth2 state value, checking only for its presence instead of verifying it against the user session. This allows an attacker to forge a...

6.8CVSS6.1AI score0.00126EPSS
Exploits0References4
CVE
CVE
added 3 days ago15 views

CVE-2026-15494

AMTT Hotel Broadband Operation System 1.0 contains a SQL injection flaw in an unknown function of file manager/network/switch_status.php. Manipulating the argument ID remotely can lead to SQL injection. An exploit has been published and may be used; vendor contact occurred with no response. Docum...

5.8CVSS6AI score0.00202EPSS
Exploits0References5
CVE
CVE
added 4 days ago21 views

CVE-2026-57828

The CVE-2026-57828 entry concerns the Joomla extension Phoca Downloads (Phoca.cz) with an authenticated arbitrary file upload vulnerability in the RSFiles component prior to 6.1.3. The issue allows registered users to upload executable files, enabling full remote code execution (RCE). The provide...

9CVSS6.1AI score0.00256EPSS
Exploits1References2Affected Software1
CVE
CVE
added 4 days ago14 views

CVE-2026-11901

Affected software: WordPress WP Hotel Booking plugin (versions ≤ 2.3.1). Vulnerability: Insufficient Verification of Data Authenticity in the PayPal IPN handler (web_hook_process_paypal_standard). The IPN validation endpoint can be chosen from attacker-controlled test_ipn, permitting force-upgrad...

5.3CVSS6.1AI score0.00177EPSS
Exploits0References10
Fedora
Fedora
added 4 days ago8 views

[SECURITY] Fedora 44 Update: librabbitmq-0.17.0-1.fc44

This is a C-language AMQP client library for use with AMQP servers speaking protocol versions 0-9-1...

6.1AI score
Exploits0
NVD
NVD
added 5 days ago7 views

CVE-2026-58503

Frappe is a full-stack web application framework. Prior to 16.16.0 and 15.106.0, user enumeration could be performed via the resetpassword endpoint. This issue is fixed in versions 16.16.0 and 15.106.0...

6.9CVSS0.00354EPSS
Exploits0References7
NVD
NVD
added 5 days ago8 views

CVE-2026-55187

Mailpit is an email testing tool and API for developers. Prior to 1.30.2, the remediation shipped for CVE-2026-27808 is incomplete because the tools.IsInternalIP deny-list in internal/tools/net.go relies on Go's standard library classification helpers and does not block IPv6 transition mechanisms...

5.8CVSS0.00282EPSS
Exploits0References3
NVD
NVD
added 5 days ago4 views

CVE-2026-13237

Incorrect Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

4.8CVSS0.00168EPSS
Exploits0References1
Rows per page
Query Builder