Lucene search
K

31 matches found

CVE
CVE
added 2026/07/02 11:15 a.m.13 views

CVE-2026-57673

Technical details of CVE-2026-57673 are not publicly provided in the supplied documents. Monitor for updates from authoritative sources; the available entries indicate unauthenticated XSS in Optimole

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 9:51 a.m.7 views

EUVD-2026-40280

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Following the fix for CVE-2026-49270 an unauthenticated attacker can now cause broker OOM by sending an repeated BrokerInfo commands without sending a ConnectionInfo, until the broke...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52615

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description The Custom MCP feature, used for executing OS commands like launching local MCP servers, is unsandboxed. Due to a minimal authentication and authorization model lacking role-based access control, and...

9.8CVSS6AI score0.00757EPSS
Exploits1References7
CVE
CVE
added 2026/06/16 8:57 p.m.21 views

CVE-2026-49057

The CVE-2026-49057 entry concerns the WordPress JobSearch plugin (≤ 3.2.7) with Unauthenticated Broken Access Control. Concrete details found: affected software/product is WordPress JobSearch plugin; vulnerable component/condition is broken access control without authentication; impact is describ...

7.5CVSS5.1AI score0.00296EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was discovered in Exiv2 versions v0.27.4 and earlier. This infinite loop occurs when Exiv2 is used to modify the metadata of a specially crafted image file. ...

5.5CVSS6.3AI score0.01109EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/01 9:32 a.m.12 views

WordPress Dracula Dark Mode – Accessibility, Reading Mode & Dark Mode for WordPress plugin <= 1.2.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress versions = 1.2.7...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.9 views

UTT HiPER 1250GW 缓冲区错误漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained a buffer overflow vulnerability. This vulnerability stemmed from an operation involving the parameter “Profile” in the function strcpy within the file...

9CVSS7.8AI score0.00544EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/06 3:31 p.m.34 views

CVE-2026-34588 OpenEXR has a signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internalexrundopiz advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and...

8.6CVSS0.00482EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/25 4:15 p.m.43 views

CVE-2026-32573 WordPress Nelio AB Testing plugin <= 8.2.7 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Code Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.7...

9.1CVSS0.00297EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.9 views

PT-2026-24547

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reload preview function. This makes it possible for...

6.1CVSS5.6AI score0.00095EPSS
Exploits0References3
OSV
OSV
added 2026/03/03 6:31 p.m.3 views

GHSA-V8JM-5VWX-CFXM DOMPurify contains a Cross-site Scripting vulnerability

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

6.1CVSS5.9AI score0.00245EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:11 p.m.5 views

CVE-2018-18270

XSS exists in CMS Made Simple version 2.2.7 via the m1newsurl parameter in an admin/moduleinterface.php "Content--News--Add Article" action...

6.1CVSS6.1AI score0.00833EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/10 3:13 p.m.6 views

CVE-2025-63011

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

5.9CVSS5.9AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.25 views

CVE-2025-63012 WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through = 2.2.8...

4.3CVSS0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/04 12:20 a.m.11 views

CVE-2025-46556 MantisBT is Vulnerable to Denial-of-Service (DoS) attack via Excessive Note Length

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes tested with 4,788,761 characters due to a lack of server-side validation of note length. Once such a note is added,...

6.5CVSS0.00375EPSS
Exploits0References4
CVE
CVE
added 2025/10/10 10:33 a.m.25 views

CVE-2025-61859

CVE-2025-61859 (V-SFT) affects FUJI Electric V-SFT, specifically VS6ComFile!CItemDraw::is_motion_tween in versions 6.2.7.0 and earlier. The vulnerability is an out-of-bounds write, which opening specially crafted V-SFT files can cause information disclosure, ABEND, and arbitrary code execution. P...

8.4CVSS7.5AI score0.00168EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2025/10/06 10:35 p.m.5 views

WordPress Featured Image from URL (FIFU) plugin <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Featured Image Custom Fields vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Featured Image from URL versions = 5.2.7...

6.4CVSS5.6AI score0.0018EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/17 12:0 a.m.4 views

WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS7.7AI score0.00578EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-58249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL. CVE-2024-58249 Note that Nessus relies o...

3.7CVSS5AI score0.00464EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:38 p.m.11 views

CVE-2022-26585

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability via /cms/content/list...

9.8CVSS8.2AI score0.05617EPSS
Exploits1References1
Rows per page
Query Builder