Lucene search
K

68 matches found

CVE
CVE
added 2026/06/29 7:42 p.m.41 views

CVE-2026-43724

CVE-2026-43724 affects macOS Tahoe (kernel) and is described as an issue where an app may be able to cause unexpected system termination or write kernel memory. The fixed variant is addressed by improved input sanitization and is released in macOS Tahoe 26.5.2 (also reflected for iOS 26.5.2 and i...

7.8CVSS5.7AI score0.00142EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-261 NASA AIT-Core vulnerable to remote code execution

An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string...

9.2CVSS6.1AI score0.00428EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53706

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A double free issue, which occurs when the system attempts to free the same memory location twice, was addressed with improved memory...

6.5CVSS5.9AI score0.00182EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/26 1:16 p.m.8 views

WordPress WP Job Portal plugin <= 2.5.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by hhhai in WordPress Plugin WP Job Portal versions = 2.5.2...

8.5CVSS5.8AI score0.00211EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/15 9:17 p.m.11 views

CVE-2026-48872

Unauthenticated Sensitive Data Exposure in EmbedPress = 4.5.2 versions...

7.5CVSS0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.10 views

EUVD-2026-36855

Subscriber Cross Site Scripting XSS in WP Job Portal = 2.5.2 versions...

6.5CVSS5.1AI score0.00205EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 8:16 a.m.12 views

CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

8.4CVSS0.0014EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-021475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021475 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers wher...

6.1CVSS5.8AI score0.00192EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32699

Name of the Vulnerable Software and Affected Versions InDesign Desktop versions 20.5.2 and 21.2 and earlier Description A Use After Free issue exists where the software continues to use a pointer after it has been freed. This could result in arbitrary code execution in the context of the current...

7.8CVSS6.2AI score0.00165EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/10 1:22 a.m.8 views

CVE-2026-39619

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

9.6CVSS5.9AI score0.00143EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39619

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

5.9AI score0.00143EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 8:30 a.m.8 views

EUVD-2026-20261

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

5.9AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.15 views

PT-2026-31184

CVE-2026-39619 Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a t… https://t.co/PP035okJ62...

9.6CVSS5.8AI score0.00143EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 6:37 p.m.3 views

GHSA-CPJ3-3R2F-XJ59 OpenBao has Reflected XSS in its OIDC authentication error message

Impact OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed authentication. This allows an attacker access to the token used in the Web UI by a...

9.4CVSS5.8AI score0.00287EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

Lychee 代码问题漏洞

Lychee is a beautiful and easy-to-use photo management system developed by The Lychee Organisation. It is used for managing and sharing photos. Versions of Lychee prior to 7.5.2 had code vulnerabilities that could be exploited through DNS redirection bypasses, allowing for server-side request...

4.3CVSS5.9AI score0.00217EPSS
Exploits1References2
NVD
NVD
added 2026/03/18 5:16 p.m.7 views

CVE-2026-32610

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets alloworigins="" combined with allowcredentials=True. When both of these options are enabled together, Starlette's CORSMiddlewa...

8.1CVSS0.00339EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/08 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-tornado (UTSA-2026-005911)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005911 advisory. Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header...

7.5CVSS6.6AI score0.00378EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.8 views

CVE-2024-51915

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Stored XSS.This issue affects LiteSpeed Cache: from n/a through = 6.5.2...

6.5CVSS5.5AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.5 views

CVE-2026-25487

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...

6.1CVSS5.5AI score0.00261EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.11 views

PT-2026-6294

Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The issue resides in the Shipping...

6.2CVSS5.5AI score0.00261EPSS
Exploits1References9
Rows per page
Query Builder