Lucene search
K

952 matches found

Microsoft KB
Microsoft KB
added 2 days ago7 views

July 14, 2026-KB5101004 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 23H2

None None...

8.1CVSS6.1AI score0.01579EPSS
Exploits0
NVD
NVD
added 2026/07/09 6:16 a.m.16 views

CVE-2026-5523

The Divi Form Builder plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.1.8. This is due to the updateuser function accepting a user ID parameter from form submissions without verifying that the authenticated user has permission to edit that specific...

8.8CVSS0.00309EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/08 4:9 a.m.8 views

Important: Red Hat Security Advisory: kpatch-patch-4_18_0-477_107_1, kpatch-patch-4_18_0-477_120_1, kpatch-patch-4_18_0-477_130_1, and kpatch-patch-4_18_0-477_97_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS6AI score0.0049EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 11:16 p.m.9 views

CVE-2026-53643

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00226EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.8 views

EUVD-2026-41279

Unauthenticated Cross Site Scripting XSS in Admin and Site Enhancements ASE Pro = 8.8.5 versions...

9.6CVSS5.8AI score0.00269EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 10:16 a.m.9 views

CVE-2026-14029

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00441EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/02 8:42 a.m.8 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 8:33 a.m.37 views

CVE-2026-10104 Product Video Gallery for Woocommerce <= 1.5.1.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via custom_thumbnail Parameter

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
NVD
NVD
added 2026/07/01 4:16 p.m.13 views

CVE-2026-8480

A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 included, 4.4.0 to 4.8.15 included , 5.0.2 EA to 5.0.5 included A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to...

4.3CVSS0.00087EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:36 p.m.7 views

CVE-2026-57320

Unauthenticated Cross Site Scripting XSS in BEAR = 1.1.8 versions...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 3:32 p.m.6 views

EUVD-2025-210361

Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 2:53 p.m.7 views

EUVD-2026-39753

Unauthenticated Cross Site Request Forgery CSRF in Abandoned Cart Lite for WooCommerce = 6.8.0 versions...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.12 views

CVE-2026-57325

The CVE-2026-57325 covers an unauthenticated Cross-Site Scripting (XSS) vulnerability in the WordPress NanoMag theme versions up to 1.8. The issue affects the NanoMag theme code path exposed to users, enabling XSS payloads without authentication. Documents confirm the affected product (WordPress ...

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:57 p.m.6 views

WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BNE Testimonials versions = 2.0.8...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52843

Name of the Vulnerable Software and Affected Versions LXD versions prior to 6.9 LXD version 5.21 Description A nil-pointer dereference occurs in the CreateCustomVolumeFromBackup function when processing a specially crafted custom-volume backup tarball that omits the expires at snapshot field. An...

6.5CVSS6AI score0.00389EPSS
Exploits1References5
OSV
OSV
added 2026/06/23 5:18 p.m.4 views

CVE-2026-49411 Deno Node TCPWrap numeric hostname aliases bypass --deny-net resolved-IP deny checks

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.0, the Node.js compatibility TCP path checked the permission against the original hostname string before resolution and then did not re-check after resolution. A caller could therefore pass a numeric alias of an IP address fo...

6.5CVSS6AI score0.00111EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/22 5:1 p.m.4 views

EUVD-2026-11599

OpenCTI has Semi-Blind SSRF via Unvalidated External URL in Data Ingestion Feature...

7.7CVSS5.8AI score0.00212EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 4:52 p.m.48 views

CVE-2026-54285

Opentelemetry-js (OpenTelemetry JavaScript client) is affected by CVE-2026-54285 through the W3CBaggagePropagator.extract() path in @opentelemetry/core prior to 2.8.0, where inbound baggage headers were not capped and could trigger memory allocation proportional to header size. The issue is fixed...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/21 3:45 p.m.36 views

CVE-2026-56404

libexpat before 2.8.2 has an integer overflow in addBinding...

6.9CVSS0.00102EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 6:17 a.m.14 views

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur similar to the CVE-2026-50219 situation...

4.9CVSS0.00135EPSS
Exploits0References1
Rows per page
Query Builder