Lucene search
K

165 matches found

Patchstack
Patchstack
added yesterday7 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by timomangcut in WordPress Plugin Shortcodes and extra features for Phlox theme versions = 2.17.16...

6.5CVSS5.8AI score
Exploits0Affected Software1
Metasploit
Metasploit
added 2026/06/23 7:6 p.m.131 views

Audiobookshelf Unauthenticated API Authentication Bypass Scanner

This module detects Audiobookshelf servers affected by CVE-2025-25205, an unauthenticated authentication bypass. Affected versions 2.17.0 through 2.19.0 decide whether a GET request may skip authentication by testing an unanchored regular expression against the request's full original URL,...

8.2CVSS5.9AI score0.03834EPSS
Exploits2
NVD
NVD
added 2026/06/19 2:16 p.m.10 views

CVE-2026-48137

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...

9.8CVSS0.00549EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:32 p.m.30 views

CVE-2026-48140 Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream

There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message...

7.1CVSS0.00254EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-50892

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A memory leak exists in the BeginSidebandStream function, which can lead to a denial of service condition caused by memory exhaustion. Recommendations Update to a version later than 2.17.0. A...

7.5CVSS5.9AI score0.0024EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 1:19 p.m.6 views

CVE-2025-69162

Unauthenticated Local File Inclusion in Grecko = 5.17 versions...

8.1CVSS0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:19 p.m.8 views

EUVD-2026-37003

Unauthenticated Cross Site Scripting XSS in SEO Redirection = 9.17 versions...

7.1CVSS5.1AI score0.00145EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49392

Unauthenticated Cross Site Scripting XSS in Paid Member Subscriptions = 2.17.3 versions...

7.1CVSS5.1AI score0.00175EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.8 views

CVE-2026-33212

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...

3.1CVSS5.5AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.8 views

CVE-2026-42475

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-47074

Name of the Vulnerable Software and Affected Versions WP User Manager – User Profile Builder & Membership versions prior to 2.9.18 Description The plugin is susceptible to Local File Inclusion, a condition where an application includes files on a local server unexpectedly. This occurs through the...

7.5CVSS6AI score0.02403EPSS
Exploits0References19
OSV
OSV
added 2026/05/29 5:12 a.m.12 views

MGASA-2026-0157 Updated perl-HTTP-Daemon package fixes a security vulnerability

The updated package fixes a security vulnerability: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile. CVE-2026-8450...

9.1CVSS5.8AI score0.01231EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 12:0 a.m.8 views

UBUNTU-CVE-2026-47330

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses...

3.3CVSS5.8AI score0.00092EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.7 views

Canonical Ubuntu Linux 安全漏洞

Canonical Ubuntu Linux is a Linux operating system developed by the British company Canonical. The Canonical Ubuntu Linux versions 6.8, 6.17, and 7.0 have security vulnerabilities. These vulnerabilities stem from potential null pointer dereferencing when handling AFINET/AFINET6 socket mediation,...

3.3CVSS5.8AI score0.00094EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/28 12:0 a.m.18 views

CVE-2026-47327

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops...

3.3CVSS5.8AI score0.00091EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/12 10:23 p.m.9 views

NPM: SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

NPM: SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware discovered by ? in WordPress Npm sillytavern versions = 1.17.0...

5.8AI score0.00323EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 8:20 a.m.11 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS5.9AI score0.00286EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 8:16 p.m.6 views

UBUNTU-CVE-2026-42225

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

8.2CVSS5.7AI score0.00161EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/07 6:47 p.m.9 views

CVE-2026-42225 GnuTLS backend silently skips certificate chain verification when verify_peer is false

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

8.2CVSS5.7AI score0.00161EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/07 6:47 p.m.7 views

CVE-2026-42225

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

8.2CVSS5.7AI score0.00161EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder