Lucene search
K

1713 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-55575

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS0.00384EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-55575 LiquidJS: `pop` filter bypasses `memoryLimit` accounting that its array-filter siblings enforce

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS0.00384EPSS
Exploits0References4
CVE
CVE
added 6 days ago8 views

CVE-2026-55575

LiquidJS (template engine for Shopify/GitHub Pages) has a vulnerability in the pop array filter prior to 10.27.1: the code path allocates a full clone of the input array with [...toArray(v)] without invoking this.context.memoryLimit.use(...), allowing a template render like {{ huge_array | pop }}...

8.2CVSS6AI score0.00384EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42187

The embedded JavaScript in the PDF deleted the pages, making the object invalid. The application attempted to perform a write operation on the invalid pop-up annotations, resulting in the program crashing...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 6:35 p.m.14 views

EUVD-2026-37585

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...

6.6CVSS6.1AI score0.00535EPSS
Exploits0References7
CVE
CVE
added 2026/06/17 9:30 a.m.20 views

CVE-2026-12115

The vulnerability CVE-2026-12115 affects the WordPress plugin Counter Box (versions up to 2.0.13). It allows PHP Object Injection via deserialization of untrusted input and requires authenticated access at Administrator+ level. Deserialization occurs automatically during the post-import redirect ...

6.6CVSS6AI score0.00535EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/12 8:2 a.m.11 views

CVE-2026-12058

The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed...

5.3CVSS5.2AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.17 views

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.0045EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.10 views

CVE-2026-7566

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.0045EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/06 2:28 a.m.14 views

EUVD-2026-34947

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP...

6.6CVSS5.9AI score0.0045EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.15 views

PT-2026-47129

Name of the Vulnerable Software and Affected Versions LearnPress – Backup & Migration Tool versions prior to 4.1.5 Description The plugin is susceptible to PHP Object Injection due to the deserialization of untrusted input. This allows authenticated attackers with administrator-level access or...

6.6CVSS5.8AI score0.0045EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.12 views

CVE-2026-7637

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...

9.8CVSS5.9AI score0.00573EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-3017

The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the importshortcodes function. This makes it possible for authenticate...

7.2CVSS5.9AI score0.00527EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/05/27 1:28 p.m.19 views

USN-8323-1: Postorius vulnerability

It was discovered that Postorius did not properly escape HTML in message subjects when rendering the Held messages pop-up. An attacker could possibly use this issue to inject arbitrary HTML, resulting in exposure of sensitive information...

7.2CVSS5.9AI score0.00237EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, sockmap: Several fixes to bpfmsgpopdata Several fixes to bpfmsgpopdata: 1. In skmsgshiftleft, we should use putpage. 2. If len == 0, returning early is better. 3. Popping the entire skmsg last == msg-sg.size should be...

5.5CVSS6.4AI score0.0023EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: ACPICA: The error code path in acpidscallcontrolmethod has been fixed. A use-after-free occurs in the acpipsParseAML function after a failed invocation of acpidscallcontrolmethod. This issue was reported by KASAN1. Code inspectio...

7.8CVSS6.4AI score0.00152EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 4:16 a.m.19 views

CVE-2026-7637

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...

9.8CVSS0.00573EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 2:27 a.m.7 views

CVE-2026-7637

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...

9.8CVSS6.1AI score0.00573EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.20 views

PT-2026-42100

The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST USER LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present...

9.8CVSS6.1AI score0.00573EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/18 8:45 a.m.59 views

CVE-2026-3471 Opening a window with {{javascript:alert()}} as URL causes crash in the Mattermost Desktop App

Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling window.open'javascript:alert';. Mattermost Advisory ID: MMSA-2026-00...

6.5CVSS0.00184EPSS
Exploits0References1
Rows per page
Query Builder