Lucene search
K

3905 matches found

CVE
CVE
added 4 hours ago4 views

CVE-2026-57371

Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through = 7.0...

8.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added 4 hours ago4 views

CVE-2026-57372

Server-Side Request Forgery SSRF vulnerability in denishua WPJAM Basic wpjam-basic allows Server Side Request Forgery.This issue affects WPJAM Basic: from n/a through = 7.0...

7.2CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 8 hours ago48 views

Aquatronica Controller System <= 5.1.6 - Information Disclosure

Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...

9.3CVSS6.1AI score0.01443EPSS
Exploits1References4
CVE
CVE
added 3 days ago6 views

CVE-2026-15084

CVE-2026-15084 is a Stored XSS vulnerability in Drupal UI Patterns (SDC in Drupal UI). Affects UI Patterns (SDC in Drupal UI) versions 2.0.0 through 2.0.17. The issue is due to improper neutralization of input during web page generation. Public references indicate SA-CONTRIB-2026-075 describes th...

6.1AI score0.00254EPSS
Exploits0References1
CVE
CVE
added 3 days ago6 views

CVE-2026-59193

Grav CMS is a file-based web platform. Before version 2.0.0, an authenticated admin.super user could trigger a denial of service by uploading a specially crafted ZIP via the Direct Install tool, because Installer::unZip uses ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score0.0039EPSS
Exploits1References3Affected Software1
CVE
CVE
added 3 days ago5 views

CVE-2026-6802

The CVE-2026-6802 entry concerns the WordPress plugin Easy Upload Files During Checkout, affected up to version 3.0.1. The vulnerability stems from missing authorization checks in the ufdc_custom_init() function, which processes the eufdc-delete parameter without nonce verification, capability ch...

5.3CVSS6.2AI score0.00243EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42839

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-11818

The CVE concerns the WPCafe WordPress plugin (up to version 3.0.14) where an authorization bypass exists in REST API endpoints. Authenticated users with subscriber-level access and above can perform admin-only actions (list, create, update, delete, clone, bulk-delete) on notification flow workflo...

5.4CVSS5.9AI score0.00251EPSS
Exploits0References10
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42637

PayRange Android app, version 7.0.7 and below, contains an SSL bypass vulnerability that allows invalid certificates to be accepted in application webviews. A remote and unauthenticated attacker can steal information that the user sends...

7.5CVSS6AI score0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago38 views

CVE-2026-60108 Zeek < 8.0.9 Uncontrolled Memory Consumption DoS via FTP Analyzer

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS0.00436EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56490

Name of the Vulnerable Software and Affected Versions js-yaml versions 3.0.0 through 3.14.x js-yaml versions 4.0.0 through 4.2.x Description js-yaml can consume quadratic CPU time when parsing a document that grows linearly in size. This occurs when a chain of mappings utilizes merge keys, where...

7.5CVSS6AI score0.0035EPSS
Exploits0References9
NVD
NVD
added 6 days ago9 views

CVE-2026-42172

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Sanctum API tokens did not expire, allowing a leaked token to retain access indefinitely until manually revoked. This issue is fixed in version 4.0.0-beta.474...

3.1CVSS0.00188EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-41982

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
CVE
CVE
added last week13 views

CVE-2026-14468

Terraform Enterprise contains a vulnerability in its VCS ingestion of registry modules where the boundary on packaged module content was not correctly enforced. An authenticated user could include files from outside the intended repository content in a module and then download them, potentially e...

7.7CVSS6AI score0.00295EPSS
Exploits0References1
CVE
CVE
added last week29 views

CVE-2026-9181

ArcGIS Server is affected by a directory traversal vulnerability. An unauthenticated attacker can exploit it by sending crafted path parameters, potentially enabling access to sensitive files on the system. The issue affects all versions up to and including 12.0. The connected sources confirm the...

9.8CVSS6AI score0.00727EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added last week34 views

CVE-2026-9181 Directory Traversal in ArcGIS Server

Esri ArcGIS Server contains a directory traversal vulnerability. ArcGIS Enterprise on Kubernetes is not impacted. An unauthenticated attacker could exploit this issue by sending crafted path parameters. Successful exploitation could allow overwriting sensitive files on the system. Abuse of this...

9.8CVSS0.00727EPSS
Exploits0References1
NVD
NVD
added last week8 views

CVE-2026-7185

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 1:10 p.m.4 views

EUVD-2026-41874

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 1:10 p.m.10 views

CVE-2026-7185

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 8:38 a.m.36 views

CVE-2026-24013 Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

0.00471EPSS
Exploits0References1
Rows per page
Query Builder