Lucene search

49 matches found

CVE
added 2026/06/15 11:36 p.m. · 18 views

CVE-2026-9259

Canon EOS Network Setting Tool, version 1.5.0 and earlier, is affected by an improper validation of server certificates. The vulnerability (CVE-2026-9259) is network-exposed with low attack complexity and no user interaction required, potentially impacting confidentiality, integrity, and availabi...

9.8 CVSS · 5.3 AI score · 0.00195 EPSS
Exploits 0 · References 4 · Affected Software 1
GithubExploit
added 2026/05/25 5:37 p.m. · 87 views

Exploit for CVE-2012-1803

CVE-2012-1803 Critical vulnerability in Siemens Rugge...

8.5 CVSS · 5.8 AI score · 0.49114 EPSS
Exploits 8
OSV
added 2026/05/05 9:35 p.m. · 3 views

GHSA-3446-6MGW-F79P Grav is Vulnerable to XXE via SVG Upload

Dear Grav Security Team, A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server through XML External Entity (XXE) injection. Vulnerability Summary | Field | Details | |-------|---------| | Vulnerability Type | XML External...

6.5 CVSS · 6 AI score
Exploits 0 · References 3
CNNVD
added 2026/04/09 12:0 a.m. · 6 views

Apache Tomcat Input Validation Error Vulnerability

Apache Tomcat is a lightweight web application server developed by the Apache Foundation in the United States. It supports Servlet and JavaServer Page (JSP) technologies. Versions of Apache Tomcat 11.0.18 and earlier, 10.1.52 and earlier, 9.0.115 and earlier, as well as 8.5.100 and earlier, have a...

6.1 CVSS · 6.4 AI score · 0.00526 EPSS
Exploits 0 · References 1
OSV
added 2026/03/27 12:25 a.m. · 6 views

CVE-2026-33728 dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution

dd-trace-java is a Datadog APM client for Java. In versions of dd-trace-java 0.40.0 through prior to 1.60.2, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access ...

9.3 CVSS · 6 AI score · 0.00622 EPSS
Exploits 0 · References 4
Github Security Blog
added 2026/03/26 4:45 p.m. · 6 views

dd-trace-java: Unsafe deserialization in RMI instrumentation may lead to remote code execution

In versions of dd-trace-java prior to 1.60.3, the RMI instrumentation registered a custom endpoint that deserialized incoming data without applying serialization filters. On JDK version 16 and earlier, an attacker with network access to a JMX or RMI port on an instrumented JVM could exploit this ...

9.8 CVSS · 6.5 AI score · 0.00622 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2026/03/10 7:17 p.m. · 3 views

CVE-2026-27277

Substance3D - Stager versions 3.1.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 0.00169 EPSS
Exploits 0 · References 1
RedhatCVE
added 2026/02/14 7:23 a.m. · 27 views

CVE-2025-48020

A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If affected product receives maliciously crafted packets, Vnet/IP software stack process may be terminated. The affected products and versions are as follows: Vnet/IP Interface Package for CENTU...

6.5 CVSS · 5.2 AI score · 0.00229 EPSS
Exploits 0 · References 1
Patchstack
added 2026/02/03 11:16 a.m. · 8 views

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions <= 3.4.3...

6.5 CVSS · 5.4 AI score · 0.00324 EPSS
Exploits 0 · References 1 · Affected Software 1
OpenVAS
added 2026/01/26 12:0 a.m. · 4 views

Canon Printers Buffer Overflow Vulnerability (CP2026-001)

A buffer overflow vulnerability has been identified for certain Canon Small Office Multifunction Printers and Laser Printers. SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...

9.8 CVSS · 6 AI score · 0.0083 EPSS
Exploits 0 · References 4
Cvelist
added 2026/01/05 9:53 p.m. · 25 views

CVE-2025-68953 Certain Frappe requests are vulnerable to Path Traversal

Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in...

7.5 CVSS · 0.00361 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-38148

Malicious code in bioql PyPI...

8.8 CVSS · 9.2 AI score · 0.00312 EPSS
Exploits 0 · References 1
CVE
added 2025/09/06 6:43 a.m. · 44 views

CVE-2025-10046

The CVE-2025-10046 issue affects the WordPress plugin ELEX WooCommerce Google Shopping (Google Product Feed) up to version 1.4.3. The vulnerability resides in includes/elex-manage-feed-ajax.php where the file_to_delete parameter is not properly sanitized and the SQL query is not prepared, allowin...

4.9 CVSS · 6 AI score · 0.00666 EPSS
Exploits 2 · References 3
CVE
added 2025/07/04 11:17 a.m. · 21 views

CVE-2025-52831

CVE-2025-52831: Video List Manager for WordPress is affected (versions

9.3 CVSS · 5.9 AI score · 0.00275 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/06/28 12:0 a.m. · 4 views

PT-2025-27546 · Intelbras · Intelbras Rx1500 Router

Name of the Vulnerable Software and Affected Versions: Intelbras RX1500 Router versions 2.2.17 and earlier Description: An integer overflow exists in the websReadEvent function when processing the command field of the HTTP header. This can allow a remote attacker to execute arbitrary code or caus...

10 CVSS · 7.7 AI score · 0.06256 EPSS
Exploits 1 · References 8
CNNVD
added 2025/06/20 12:0 a.m. · 1 views

WordPress plugin PDPA Consent for Thailand Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

5.9 CVSS · 5.7 AI score · 0.00218 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 4:39 a.m. · 5 views

CVE-2023-26516

Cross-Site Request Forgery (CSRF) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions...

8.8 CVSS · 7.1 AI score · 0.00389 EPSS
Exploits 0 · References 1
OSV
added 2025/03/11 9:15 p.m. · 2 views

CVE-2025-27181

Substance3D - Modeler versions 1.15.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS · 6.3 AI score · 0.00285 EPSS
Exploits 0 · References 1
CNNVD
added 2025/03/01 12:0 a.m. · 6 views

WordPress plugin Database Backup and check Tables Automated With Scheduler Path Traversal Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Database Backup and check...

7.2 CVSS · 8.3 AI score · 0.00934 EPSS
Exploits 0 · References 6
RedhatCVE
added 2025/02/05 4:22 a.m. · 11 views

CVE-2024-9047

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...

9.8 CVSS · 6.8 AI score · 0.92319 EPSS
Exploits 4 · References 1