Lucene search
K

2329 matches found

Nuclei
Nuclei
added 5 hours ago31 views

Arcserve Unified Data Protection - Authentication Bypass

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...

9.8CVSS7.1AI score0.04342EPSS
Exploits1References2
NVD
NVD
added yesterday6 views

CVE-2026-59518

Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...

9.8CVSS0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-59518 WordPress Directorist plugin <= 8.8.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpWax Directorist directorist allows Object Injection.This issue affects Directorist: from n/a through = 8.8.2...

9.8CVSS0.00564EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57811

CVE-2026-57811 concerns WordPress Realtyna Organic IDX plugin (real-estate-listing-realtyna-wpl) with versions up to and including 5.2.0. The issue is labeled as an improper generation of code (Code Injection) vulnerability that enables Remote Code Inclusion. It affects the plugin’s handling of c...

10CVSS6.2AI score0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago44 views

CVE-2026-59858 Vim: Arbitrary Code Execution via C Omni-Completion

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS0.00137EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago47 views

CVE-2026-59857 Vim: Out-of-bounds Write in SAL Soundfolding

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spellsoundfoldsal in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen MAXWLEN, allowing reslen...

5.6CVSS0.00107EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-6910

The Bookero.pl – system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookeroproducts shortcode's hideproducts and filterproducts attributes in versions up to and including 2.2. This is due to insufficient input sanitization and output escaping in the...

6.4CVSS0.00212EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-6910

The Bookero.pl – system rezerwacji online plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookeroproducts shortcode's hideproducts and filterproducts attributes in versions up to and including 2.2. This is due to insufficient input sanitization and output escaping in the...

6.4CVSS5.9AI score0.00212EPSS
Exploits0References7
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-7558 Age Verification & Identity Verification by Token of Trust <= 4.0.2 - Missing Authorization to Unauthenticated Information Exposure via 'tot_export_table' Parameter

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including 4.0.2. This is due to the handleexporttable function being registered on the WordPress 'init' hook, which fires for all requests, including...

5.3CVSS0.00262EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42521

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' attribute in all versions up to, and including, 10.10.2 due to insufficient input sanitization and output escaping...

6.4CVSS6.1AI score0.00256EPSS
Exploits0References6
Cvelist
Cvelist
added last week37 views

CVE-2026-13019 Missing Authentication

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS0.0041EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added last week8 views

SUSE CVE-2026-42311

Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0...

8.6CVSS6.2AI score0.0015EPSS
Exploits0References3
CVE
CVE
added 2026/07/06 8:59 p.m.14 views

CVE-2026-14468

Terraform Enterprise contains a vulnerability in its VCS ingestion of registry modules where the boundary on packaged module content was not correctly enforced. An authenticated user could include files from outside the intended repository content in a module and then download them, potentially e...

7.7CVSS6AI score0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/04 1:15 p.m.28 views

CVE-2026-14629 RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS0.00309EPSS
Exploits0References7
Snyk
Snyk
added 2026/07/04 11:13 a.m.7 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 11:13 a.m.5 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/04 11:13 a.m.5 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 7:53 a.m.7 views

EUVD-2026-41521

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 7:43 p.m.13 views

CVE-2026-59100

CVE-2026-59100 affects LobeChat up to version 2.2.9. It describes a broken object level authorization allowing authenticated attackers to access and modify other users’ chat-group agent data by supplying arbitrary group identifiers. Attackers can call getGroupAgents, updateAgentInGroup, and remov...

5CVSS5.9AI score0.0018EPSS
Exploits0References4
NVD
NVD
added 2026/07/02 12:16 p.m.7 views

CVE-2025-69094

Subscriber SQL Injection in Unicamp = 2.2.2 versions...

8.5CVSS0.00278EPSS
Exploits0References1
Rows per page
Query Builder