Lucene search
K

18 matches found

OSV
OSV
added 2026/06/08 3:2 p.m.5 views

CLEANSTART-2026-XV65906 Security fixes for CVE-2023-45288, CVE-2023-48795, CVE-2024-24786, CVE-2024-45337, CVE-2024-45338, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27140, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 2.10.1-r0, 2.10.1-r1, 2.10.1-r2

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.6AI score0.9378EPSS
Exploits11References111
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

Due to a vulnerability in the iouring subsystem, it is possible for kernel memory information to be leaked to the user process. timensinstall calls currentissinglethreaded to determine whether the current process is single-threaded. However, this call does not take into account iouring’s ioworker...

5.5CVSS6.6AI score0.00268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 10:21 a.m.6 views

CVE-2026-40744

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue affects Beaver Builder: from n/a through = 2.10.1.2...

5.9AI score0.0022EPSS
Exploits0References2
CVE
CVE
added 2026/02/19 8:26 a.m.16 views

CVE-2026-25330

CVE-2026-25330 affects the WordPress PublishPress Authors plugin (<= 4.10.1). Described as a Missing Authorization / Broken Access Control vulnerability due to incorrectly configured access control security levels. CVSSv3.1: 4.3 (Medium) with Network attack vector, Privileges Required: Low, Us...

4.3CVSS5.4AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 7:28 p.m.4 views

CVE-2026-25487

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability in Craft Commerce allows attackers to execute malicious JavaScript in an administrator's browser. This occurs because the Tax Rates 'Name' field in the...

6.1CVSS5.5AI score0.00261EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.9 views

PT-2026-6294

Name of the Vulnerable Software and Affected Versions Craft Commerce versions 4.0.0-RC1 through 4.10.0 Craft Commerce versions 5.0.0 through 5.5.1 Description Craft Commerce, an ecommerce platform for Craft CMS, contains a stored cross-site scripting XSS issue. The issue resides in the Shipping...

6.2CVSS5.5AI score0.00261EPSS
Exploits1References9
CVE
CVE
added 2026/01/23 2:29 p.m.11 views

CVE-2026-24636

CVE-2026-24636 describes a Missing Authorization vulnerability in Sugar Calendar (Lite) plugin for WordPress. The issue affects Sugar Calendar (Lite) versions up to and including 3.10.1 and is categorized as broken/incorrect access control (Missing Authorization). Public sources in the connected ...

4.3CVSS5.9AI score0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:51 p.m.3 views

CVE-2025-50004 WordPress JupiterX Core plugin <= 4.10.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through = 4.10.1...

8.8CVSS5.9AI score0.00559EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:51 p.m.4 views

CVE-2025-50004

Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through = 4.10.1...

8.5CVSS5.3AI score0.00559EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/25 12:0 a.m.2 views

Fedora 43 : subfinder (2025-6b23a0b058)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6b23a0b058 advisory. Update to 2.10.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

7.5CVSS7.3AI score0.00626EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/14 12:0 a.m.8 views

PT-2025-51179

A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is...

5.3CVSS6.6AI score0.00401EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/02/03 12:0 a.m.3 views

WordPress plugin WPJobBoard 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site...

7.1CVSS8.3AI score0.003EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/02 12:0 a.m.3 views

WordPress plugin Element Pack Elementor Addons 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS6AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 2024/03/21 9:15 a.m.1 views

DEBIAN-CVE-2024-29131

Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue...

7.3CVSS6.2AI score0.02054EPSS
Exploits0References1
OSV
OSV
added 2024/02/05 10:16 p.m.5 views

CVE-2024-1209

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads...

5.3CVSS7.3AI score0.02419EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.3 views

PT-2023-20500 · Unknown · Code-Server

Name of the Vulnerable Software and Affected Versions: code-server versions prior to 4.10.1 Description: The issue is related to Missing Origin Validation in WebSockets handshakes. This can allow an adversary in specific scenarios to access data from and connect to the code-server instance...

9.3CVSS7.2AI score0.0034EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2022/03/15 12:0 a.m.4 views

PT-2022-13544 · Sqlpad · Sqlpad

Name of the Vulnerable Software and Affected Versions: sqlpad versions prior to 6.10.1 Description: The issue is related to template injection in the connection test endpoint, which can lead to remote code execution RCE. This problem has been identified in the GitHub repository sqlpad/sqlpad. The...

9.1CVSS9.9AI score0.08669EPSS
Exploits12References14
CNVD
CNVD
added 2019/01/30 12:0 a.m.3 views

Atlassian Crowd Remote Directory Password Vulnerability

Atlassian Crowd is a Web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization, and other functions for multiple users, web applications, and directory servers. A security vulnerability exists in Atlassian Crowd versions prior to 2.10.1. An attack...

4.9CVSS6.9AI score0.01056EPSS
Exploits0References1
Rows per page
Query Builder