Lucene search
+L

2238 matches found

nuclei
nuclei
added yesterday63 views

Joplin 3.3.3 Server - Privilege Escalation

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint PATCH /api/users/-id t...

8.8CVSS6AI score0.01705EPSS
Exploits1References2
nuclei
nuclei
added yesterday12 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7AI score0.00562EPSS
Exploits1References2
redhat
redhat
added 2 days ago5 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: ruby3.3: ruby3.3-3.3.10-23.4.hum1 aarch64, x8664 ruby3.3-bundled-gems-3.3.10-23.4.hum1 aarch64, x8664 ruby3.3-default-gems-3.3.10-23.4.hum1 noarch ruby3.3-devel-3.3.10-23.4.hum1 aarch64, x8664...

9.8CVSS6.1AI score0.00491EPSS
Exploits0References6
cve
cve
added 2 days ago15 views

CVE-2026-30618

xszyou Fay 4.3.1 contains a remote code execution vulnerability in its MCP STDIO server management and command execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and parameters, resulti...

9.8CVSS6.6AI score0.0061EPSS
Exploits0References2
ptsecurity
ptsecurity
added 3 days ago4 views

PT-2026-58105

Name of the Vulnerable Software and Affected Versions Pillow versions prior to 12.3.0 Description The public rank-filter API in the Pillow Python imaging library allows a native heap out-of-bounds write when a very large odd filter size is provided. This occurs because the...

8.2CVSS6.1AI score0.00397EPSS
Exploits0References8
cve
cve
added 4 days ago17 views

CVE-2026-51538

CVE-2026-51538 (OpENer 2.3.0) describes an Incorrect Access Control in encapsulation session handling. The server validates that a session_handle exists in the global list but does not verify that the handle belongs to the TCP connection issuing the request. With no strong binding between a sessi...

9.1CVSS6.1AI score0.00379EPSS
Exploits0References2
cvelist
cvelist
added 6 days ago35 views

CVE-2026-11591 Widgets for Google Reviews <= 13.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'fomo-title' and 'fomo-text' Parameters

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 13.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level...

4.4CVSS0.00251EPSS
Exploits0References10
nvd
nvd
added last week10 views

CVE-2026-54469

Dell Unisphere for PowerMax, versions 10.3.0.5 and prior, contains a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges...

8.8CVSS0.00442EPSS
Exploits0References1
nvd
nvd
added last week5 views

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS0.00294EPSS
Exploits0References7
attackerkb
attackerkb
added last week9 views

CVE-2026-13347

The Hide My WP Lite plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 1.3 via the hewrapperjs and hewrappercss query parameters processed by the elementorassetsfilter function. This is due to the function concatenating user-supplied input directly onto...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References4
nvd
nvd
added last week9 views

CVE-2026-14894

The Super Forms – Drag & Drop Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 6.3.313 via the submitform function. This is due to missing file type validation and the absence of any capability check on the submitform nopriv AJAX...

9.8CVSS0.00523EPSS
Exploits2References2
euvd
euvd
added 2026/07/09 7:55 a.m.6 views

EUVD-2026-42537

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.7. This is due to the plugin not properly verifying that a user is authorized to perform an...

5.3CVSS5.9AI score0.00323EPSS
Exploits0References10
cvelist
cvelist
added 2026/07/08 7:32 p.m.48 views

CVE-2026-44332 Fiber: Username Enumeration via Timing Oracle in BasicAuth Default Authorizer

Fiber is an Express inspired web framework written in Go. Prior to 3.3.0, the default Authorizer function in the BasicAuth middleware in middleware/basicauth/config.go uses short-circuit evaluation that skips password hash comparison for non-existent usernames, enabling reliable remote username...

5.3CVSS0.00517EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/07/08 4:18 p.m.9 views

CVE-2026-59925

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, long sequences of well-formed double-asterisk or triple-asterisk emphasis pairs around a character cause quadratic work in src/mistune/inlineparser.py because the parser scans forward for matching close markers from...

7.5CVSS6AI score0.00358EPSS
Exploits1References4Affected Software1
susecve
susecve
added 2026/07/07 3:13 p.m.10 views

SUSE CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1References3
euvd
euvd
added 2026/07/07 9:18 a.m.7 views

EUVD-2026-42028

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

6.5CVSS6AI score0.00664EPSS
Exploits0References2
debiancve
debiancve
added 2026/07/06 6:50 p.m.6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS6AI score0.00361EPSS
Exploits1
cvelist
cvelist
added 2026/07/06 6:49 p.m.32 views

CVE-2026-54060 Pillow: `FontFile.compile()`: `Image.new()` called without `_decompression_bomb_check()`

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS0.00361EPSS
Exploits1References3
debiancve
debiancve
added 2026/07/06 6:44 p.m.7 views

CVE-2026-55798

Pillow is a Python imaging library. Prior to 12.3.0, WindowsViewer.getcommand constructed a cmd.exe shell command by directly embedding a file path into an f-string without escaping and passed the result to subprocess.Popen..., shell=True, allowing shell metacharacters in the file path to inject...

4.5CVSS6AI score0.00136EPSS
Exploits1
euvd
euvd
added 2026/07/03 1:28 a.m.13 views

EUVD-2026-41469

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00301EPSS
Exploits0References6
Rows per page
Query Builder