Lucene search
K

344 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42593

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...

7.1CVSS5.9AI score0.0024EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/06 1:18 p.m.4 views

WordPress Flatsome theme <= 3.20.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Bonds in WordPress Theme Flatsome versions = 3.20.5...

7.1CVSS5.9AI score0.00251EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/30 11:39 p.m.2 views

BIT-GHOST-2026-53944 Ghost: Private IP filtering bypass to make server-side requests to internal services

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...

5.8CVSS5.8AI score0.00197EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 10:29 a.m.9 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.22 bug fix and security update

Red Hat OpenShift Container Platform release 4.21.22 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References3
OSV
OSV
added 2026/06/26 8:52 p.m.3 views

GHSA-4C3C-R6P8-C863 Flawfinder output manipulation via untrusted filenames and source text

Impact This vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder...

6AI score
Exploits0References2
EUVD
EUVD
added 2026/06/26 2:52 p.m.6 views

EUVD-2026-39712

Subscriber Arbitrary File Upload in Quform = 2.23.0 versions...

9.9CVSS5.8AI score0.00362EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52843

Name of the Vulnerable Software and Affected Versions LXD versions prior to 6.9 LXD version 5.21 Description A nil-pointer dereference occurs in the CreateCustomVolumeFromBackup function when processing a specially crafted custom-volume backup tarball that omits the expires at snapshot field. An...

6.5CVSS6AI score0.00389EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a heap out-of-bounds read occurred in the smartcard SetAttrib path when cbAttrLen did not match the actual NDR buffer length. This vulnerability has been fixed in version 3.20.1...

9.1CVSS5.5AI score0.00756EPSS
Exploits1References3
Patchstack
Patchstack
added 2026/06/19 2:21 p.m.7 views

NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding

NPM: undici vulnerable to HTTP header injection via Set-Cookie percent-decoding vulnerability discovered by ? in WordPress Npm undici versions 6.27.0...

5.9CVSS5.8AI score0.00257EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/16 9:38 p.m.28 views

CVE-2026-48783 Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...

4.8CVSS0.0017EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/06/16 6:59 p.m.5 views

NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

NPM: n8n: NoSQL Injection in MongoDB Node Find And Replace Operation vulnerability discovered by ? in WordPress Npm n8n versions 2.24.0...

7.7CVSS5.9AI score0.0026EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50169

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.24.0 Description An endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization or Content-Security-Policy headers. This allows for reflected Cross-Site...

7.6CVSS5.9AI score0.00177EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/09 6:30 p.m.9 views

EUVD-2026-35713

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

Net::CIDR::Set 安全漏洞

Net::CIDR::Set is a Perl network address management library developed by RRWO’s individual developers. Versions of Net::CIDR::Set prior to 0.20 contained security vulnerabilities. These vulnerabilities stemmed from the acceptance of non-ASCII IP addresses and network masks. Unicode digits like...

6.5CVSS5.3AI score0.00196EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.15 views

RockyLinux 9 : nginx:1.24 (RLSA-2026:19371)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19371 advisory. nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 Tenable has extracted the preceding description block directly from the RockyLinux security...

9.2CVSS6.1AI score0.61469EPSS
Exploits40References3
Vulnrichment
Vulnrichment
added 2026/06/02 9:43 a.m.12 views

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS5.8AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 9:43 a.m.44 views

CVE-2025-53209 WordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

9.8CVSS0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.11 views

EUVD-2018-21949

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

8.8CVSS6.2AI score0.00341EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

WordPress plugin Masteriyo LMS PRO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS5.5AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Paroiciel SQL注入漏洞

Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the tRecIdListe parameter, which allows for SQL injections. This could enable unauthenticated attackers ...

8.8CVSS6.1AI score0.00341EPSS
Exploits0References4
Rows per page
Query Builder