Lucene search
K

105731 matches found

Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.15 views

PT-2026-49134

Name of the Vulnerable Software and Affected Versions Linux-PAM versions prior to 1.7.3 Description A timing discrepancy exists in the pam userdb module's plaintext-password comparison path within modules/pam userdb/pam userdb.c. A local or network-adjacent attacker can recover the plaintext...

8.2CVSS5.3AI score0.00321EPSS
Exploits0References8
CVE
CVE
added 2026/06/13 11:15 p.m.31 views

CVE-2026-12176

SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 contains a cross-site scripting (XSS) vulnerability in an unknown function of the file /index.php when the action parameter is manipulated. The attack is remote and has been publicly disclosed . Exploit maturity is label...

5.3CVSS3.7AI score0.00265EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/13 4:34 p.m.6 views

CVE-2026-6428

SQL Injection in reports/catalogueout.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary da...

7.6CVSS6AI score0.00244EPSS
Exploits0References3
CVE
CVE
added 2026/06/13 4:34 p.m.26 views

CVE-2026-6428

CVE-2026-6428 describes an SQL injection in Koha’s reports/catalogue_out.pl up to versions 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00. The vulnerability arises from a vulnerable sink that concatenate...

7.6CVSS6AI score0.00244EPSS
Exploits0References3
OSV
OSV
added 2026/06/13 8:46 a.m.13 views

BIT-MYSQL-CLIENT-2026-49261 MariaDB server has unsafe parameter handling in `wsrep_notify_cmd`

MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with wsrepnotifycmd enabled would execute shell commands embedded in the name of the joiner node. This is fixed in...

10CVSS5.5AI score0.00998EPSS
Exploits0References3
OSV
OSV
added 2026/06/13 8:45 a.m.9 views

BIT-MONGODB-2026-9751 Sensitive data could be written to mongod.log

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

6.8CVSS5.2AI score0.00109EPSS
Exploits0References2
NVD
NVD
added 2026/06/13 8:16 a.m.13 views

CVE-2026-9629

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS0.00199EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/13 7:51 a.m.21 views

CVE-2026-9629 Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS0.00199EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/13 7:51 a.m.12 views

EUVD-2026-36648

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/13 7:51 a.m.7 views

CVE-2026-9629 Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/13 7:51 a.m.7 views

CVE-2026-2470 Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.9. This is due to the pagelayersavecontent AJAX handler allowing users with basic post-edit capability to persist...

4.3CVSS5.4AI score0.00204EPSS
Exploits0References2
CVE
CVE
added 2026/06/13 7:51 a.m.27 views

CVE-2026-9629

The Canvas plugin for WordPress (Canvas) contains a Stored Cross-Site Scripting vulnerability via the 'tag' parameter in all versions up to 2.5.2 due to insufficient input sanitization and output escaping. An authenticated attacker with contributor-level access or higher can inject scripts that e...

6.4CVSS5.6AI score0.00199EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/13 6:47 a.m.31 views

CVE-2026-9134 Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributekey' shortcode parameter in versions up to, and including, 3.1.31 This is due to an incomplete JavaScript event handler blacklist in the foogallerysanitizejavascript function, which blocks onl...

6.4CVSS0.00203EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/13 6:0 a.m.9 views

EUVD-2026-36644

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary .php files from the server, including configuration files that contain database credentials and authentication keys...

5.5AI score0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/13 2:29 a.m.16 views

EUVD-2026-36636

The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter s in versions up to, and including, 6.0.4 The plugin hooks WordPress's postsrequest filter with wpticketcompostsrequest, which calls emdauthorsearchresults when the current request is an...

7.5CVSS5.7AI score0.0051EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/13 2:29 a.m.32 views

CVE-2026-9848 WP Ticket <= 6.0.4 - Unauthenticated SQL Injection via WordPress Search 's' Parameter

The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter s in versions up to, and including, 6.0.4 The plugin hooks WordPress's postsrequest filter with wpticketcompostsrequest, which calls emdauthorsearchresults when the current request is an...

7.5CVSS0.0051EPSS
Exploits0References7
CVE
CVE
added 2026/06/13 2:29 a.m.46 views

CVE-2026-9848

The WP Ticket WordPress plugin (versions up to 6.0.4) is vulnerable to SQL Injection via the WordPress search parameter s. The vulnerability arises when unauthenticated front-end search triggers wp_ticket_com_posts_request(), which calls emd_author_search_results() and concatenates the raw s valu...

7.5CVSS5.8AI score0.0051EPSS
Exploits0References7
Mageia
Mageia
added 2026/06/13 1:38 a.m.12 views

Updated packages fix security vulnerabilities

CVE-2026-49261 MariaDB server has unsafe parameter handling in wsrepnotifycmd CVE-2026-48165 MariaDB: unsafe usage of wsrepsstreceiveaddress values on the joiner side CVE-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side rsync...

10CVSS5.3AI score0.00998EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.23 views

PT-2026-49087

Name of the Vulnerable Software and Affected Versions Canvas plugin for WordPress versions prior to 2.5.3 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.23 views

PT-2026-49077

Name of the Vulnerable Software and Affected Versions WP Ticket versions prior to 6.0.5 Description The WP Ticket plugin for WordPress allows unauthenticated attackers to extract sensitive information from the database. The issue occurs during unauthenticated front-end searches when the plugin...

7.5CVSS5.5AI score0.0051EPSS
Exploits0References10
Rows per page
Query Builder