61 matches found

Cvelist
added 3 days ago | 30 views

CVE-2026-13752 Snowflake CLI SQL Injection Through Improper Neutralization of Parameters in Secret Creation and SPCS Service Log Commands

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session...

CVSS 6 | EPSS 0.00188
Exploits: 0 | References: 1
EUVD
added 2026/06/25 1:12 p.m. | 5 views

EUVD-2026-39380

Contributor Remote Code Execution RCE in Post Snippets = 4.0.19 versions...

CVSS 8.5 | AI score 5.9 | EPSS 0.00351
Exploits: 0 | References: 1
Metasploit
added 2026/06/23 7:06 p.m. | 133 views

Audiobookshelf Unauthenticated API Authentication Bypass Scanner

This module detects Audiobookshelf servers affected by CVE-2025-25205, an unauthenticated authentication bypass. Affected versions 2.17.0 through 2.19.0 decide whether a GET request may skip authentication by testing an unanchored regular expression against the request's full original URL,...

CVSS 8.2 | AI score 5.9 | EPSS 0.03834
Exploits: 2
OSV
added 2026/06/02 5:16 p.m. | 7 views

UBUNTU-CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

CVSS 6.3 | AI score 5.7 | EPSS 0.003
Exploits: 2 | References: 3
Vulnrichment
added 2026/05/04 5:44 p.m. | 5 views

CVE-2026-41572 Note Mark: Unauthenticated read of notes and assets in soft-deleted public books

Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/id, /api/notes/id/content, the slug URL, and the asset endpoints. Unauthenticated callers who hold the note I...

CVSS 5.3 | AI score 5.7 | EPSS 0.00194
Exploits: 0 | References: 2
EUVD
added 2026/03/05 6:30 a.m. | 4 views

EUVD-2025-208308

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS. This issue affects Theater for WordPress: from n/a through <= 0.19...

AI score 5.9 | EPSS 0.00211
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/05 12:00 a.m. | 7 views

PT-2026-23147

Name of the Vulnerable Software and Affected Versions: Theater for WordPress versions prior to 0.19. Description: The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting issue. This allows for Stored XSS attacks...

AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 3
IBM Security Bulletins
added 2026/02/24 7:13 p.m. | 8 views

Security Bulletin: Vulnerabilities in COMPONENT_NAME_HERE affecting MongoDB Enterprised Advanced (CVE-2024-29371)

Summary: There is a vulnerability in jose4j-0.9.4.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2024-29371. The vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2024-29371. DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS conditio...

CVSS 7.5 | AI score 5.4 | EPSS 0.00244
Exploits: 1 | Affected Software: 1
Debian CVE
added 2026/02/22 4:02 a.m. | 8 views

CVE-2026-2913

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as...

CVSS 7 | AI score 4 | EPSS 0.00182
Exploits: 1
Vulnrichment
added 2026/02/22 4:02 a.m. | 4 views

CVE-2026-2913 libvips source.c vips_source_read_to_memory heap-based overflow

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as...

CVSS 2.5 | AI score 4 | EPSS 0.00182
Exploits: 1 | References: 8
Cvelist
added 2026/02/20 3:46 p.m. | 20 views

CVE-2025-69297 WordPress Aardvark Plugin plugin <= 2.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Aardvark Plugin: from n/a through <= 2.19...

CVSS 7.5 | EPSS 0.00238
Exploits: 0 | References: 1
CVE
added 2026/02/20 3:46 p.m. | 11 views

CVE-2025-69297

CVE-2025-69297 concerns the WordPress Aardvark Plugin (aardvark-plugin) with versions through 2.19, due to Missing Authorization that enables broken access control. The issue affects GhostPool Aardvark Plugin and is described as an Incorrectly Configured Access Control Security Levels vulnerabili...

CVSS 7.5 | AI score 5.5 | EPSS 0.00238
Exploits: 0 | References: 1
CBLMariner
added 2026/02/09 11:37 p.m. | 5 views

CVE-2025-13151 affecting package libtasn1 for versions less than 4.19.0-3

CVE-2025-13151 affecting package libtasn1 for versions less than 4.19.0-3. A patched version of the package is available...

CVSS 7.5 | AI score 5.5 | EPSS 0.01109
Exploits: 0
Patchstack
added 2026/02/02 8:30 a.m. | 5 views

WordPress Ultimate Addons for WPBakery Page Builder plugin <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by haidv35 - VCS in WordPress Plugin Ultimate Addons for WPBakery Page Builder versions <= 3.19.20...

CVSS 6.4 | AI score 5.3 | EPSS 0.00297
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/01/06 5:15 p.m. | 15 views

CVE-2025-69331

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through <= 0.19...

CVSS 4.3 | EPSS 0.00152
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/06 4:36 p.m. | 5 views

CVE-2025-69331 WordPress Theater for WordPress plugin <= 0.19 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jeroen Schmit Theater for WordPress theatre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Theater for WordPress: from n/a through <= 0.19...

AI score 6.6 | EPSS 0.00152
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/01 12:00 a.m. | 7 views

PT-2026-1023

Name of the Vulnerable Software and Affected Versions: Signal K Server versions prior to 2.19.0. Description: Signal K Server is a server application used in marine environments. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API...

CVSS 8.6 | AI score 7.6 | EPSS 0.00645
Exploits: 1 | References: 8
Vulnrichment
added 2025/12/24 1:10 p.m. | 4 views

CVE-2025-67623 WordPress 6Storage Rentals plugin <= 2.22.0 - Server Side Request Forgery (SSRF) vulnerability

Server-Side Request Forgery SSRF vulnerability in 6Storage 6Storage Rentals 6storage-rentals allows Server Side Request Forgery. This issue affects 6Storage Rentals: from n/a through <= 2.22.0...

CVSS 5.4 | AI score 5.1 | EPSS 0.00163
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/05 9:27 a.m. | 3 views

CVE-2025-12876 Projectopia – WordPress Project Management <= 5.1.19 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Projectopia – WordPress Project Management plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ptodeletefile AJAX action in all versions up to, and including, 5.1.19. This makes it possible for unauthenticated attackers to delete...

CVSS 5.3 | AI score 5.1 | EPSS 0.00286
Exploits: 0 | References: 2
CNNVD
added 2025/12/02 12:00 a.m. | 5 views

WordPress plugin Export All Posts cross-site request forgery vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00138
Exploits: 0 | References: 2