Lucene search
+L

675 matches found

cve
cve
added 2 days ago9 views

CVE-2026-61863

ImageMagick before 7.1.2-26 (and 6.x before 6.9.13-51) has a memory leak in the TIFF encoder that occurs when a temporary file cannot be created, potentially affecting availability by gradual memory growth. Red Hat’s advisory confirms the issue and recommends upgrading to ImageMagick 7.1.2-26 or ...

7.5CVSS6.1AI score0.00102EPSS
Exploits0References2Affected Software1
euvd
euvd
added 6 days ago8 views

EUVD-2026-43164

The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.4 via the setupSources function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS6.2AI score0.00676EPSS
Exploits0References6
nvd
nvd
added 2026/07/08 5:17 p.m.11 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS0.00436EPSS
Exploits0References3
osv
osv
added 2026/07/08 4:3 p.m.4 views

CVE-2026-59892 OpenTelemetry JavaScript: Denial of service in `JaegerPropagator` via unhandled exception on a malformed header

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6.1AI score0.00436EPSS
Exploits0References5
nvd
nvd
added 2026/07/08 6:16 a.m.9 views

CVE-2026-14489

The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on...

8.8CVSS0.00561EPSS
Exploits0References6
euvd
euvd
added 2026/07/08 5:34 a.m.8 views

EUVD-2026-42174

The WHMCS Bridge plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the connect function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Custom-level access and above, to upload arbitrary files on...

8.8CVSS6.7AI score0.00561EPSS
Exploits0References6
patchstack
patchstack
added 2026/07/02 1:35 p.m.7 views

WordPress Brook theme <= 2.9.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Brook versions = 2.9.0...

7.5CVSS5.9AI score0.00496EPSS
Exploits0Affected Software1
nvd
nvd
added 2026/07/02 12:17 p.m.6 views

CVE-2026-57353

Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...

6.5CVSS0.00299EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/02 11:16 a.m.41 views

CVE-2026-57765 WordPress WP EasyCart plugin <= 5.9.0 - SQL Injection vulnerability

Contributor SQL Injection in WP EasyCart = 5.9.0 versions...

8.5CVSS0.0022EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/02 11:15 a.m.33 views

CVE-2026-57353 WordPress Link Whisper Premium plugin <= 2.9.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Link Whisper Premium = 2.9.0 versions...

6.5CVSS0.00299EPSS
Exploits0References1
nvd
nvd
added 2026/06/29 3:16 p.m.9 views

CVE-2026-57341

Unauthenticated Insecure Direct Object References IDOR in Colissimo Officiel : Méthodes de livraison pour WooCommerce = 2.9.0 versions...

6.5CVSS0.00258EPSS
Exploits0References1
osv
osv
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-454 pgAdmin4 vulnerable to Remote Code Execution (RCE) when running in server mode

pgAdmin versions up to 9.9 are affected by a Remote Code Execution RCE vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical...

9.1CVSS6.5AI score0.12384EPSS
Exploits1References6
patchstack
patchstack
added 2026/06/29 8:18 a.m.8 views

WordPress Simple User Avatar plugin <= 4.9 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Simple User Avatar versions = 4.9...

4.3CVSS5.8AI score0.00183EPSS
Exploits0Affected Software1
osv
osv
added 2026/06/26 3:45 p.m.4 views

CVE-2026-47214 Docling: Unsafe URI and Path Handling in HTML Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.9AI score0.00217EPSS
Exploits0References4
patchstack
patchstack
added 2026/06/23 4:40 p.m.7 views

WordPress Book a Room Event Calendar plugin <= 1.9 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by swat in WordPress Plugin Book a Room Event Calendar versions = 1.9...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2026/06/23 12:0 a.m.6 views

Oracle Linux 9 : python3.9 (ELSA-2026-19216)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19216 advisory. - Security fixes for CVE-2026-4786 and CVE-2026-6100 Resolves: RHEL-167919, RHEL-168161 - Security fix for CVE-2026-4519 Resolves: RHEL-158117 Tenable...

9.1CVSS6.9AI score0.00579EPSS
Exploits0References4
nvd
nvd
added 2026/06/17 1:20 p.m.10 views

CVE-2026-39595

Author Broken Access Control in W3 Total Cache = 2.9.1 versions...

4.7CVSS0.0021EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/17 9:51 a.m.33 views

CVE-2026-49778 WordPress WPFunnels Pro plugin <= 2.9.4 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WPFunnels Pro = 2.9.4 versions...

7.1CVSS0.00186EPSS
Exploits0References1
cve
cve
added 2026/06/15 8:19 p.m.24 views

CVE-2026-49766

CVE-2026-49766 affects the WordPress plugin WP User Manager (versions ≤ 2.9.16). The vulnerability is described as an Arbitrary File Deletion issue reported for subscribers. The available metrics indicate a CRITICAL impact (CVSS 3.1: 9.9; NETWORK attack vector; LOW privileges required; no user in...

9.9CVSS5.2AI score0.00506EPSS
Exploits0References1
packetstorm
packetstorm
added 2026/06/11 12:0 a.m.75 views

📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass

This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may permit unauthorized access to privileged migration functionality. Versions 5.9.5 and below are affected...

7.3CVSS5.5AI score0.00283EPSS
Exploits3
Rows per page
Query Builder