Lucene search
K

513 matches found

NVD
NVD
added 5 days ago12 views

CVE-2026-15289

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevartid’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

5.9CVSS0.00346EPSS
Exploits0References4
CVE
CVE
added 5 days ago7 views

CVE-2026-15289

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to a time-based SQL injection via the wpdevart_id parameter in all versions up to 3.2.17. The root cause is insufficient escaping of the user-supplied parameter and lack of proper SQL query preparation. This can a...

5.9CVSS6AI score0.00346EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42798

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevartid’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

5.9CVSS6AI score0.00346EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-15289

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevartid’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

5.9CVSS6AI score0.00346EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-15289 Booking calendar, Appointment Booking System <= 3.2.17 - Unauthenticated Time-Based SQL Injection via 'wpdevart_id'

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpdevartid’ parameter in all versions up to, and including, 3.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

5.9CVSS0.00346EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/06 6:0 a.m.35 views

CVE-2026-11962 FileOrganizer < 1.2.0 - Authenticated Arbitrary File Upload via elFinder File Operations

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted file-manager access — which its premium add-on can extend to sub-administrator roles — to upload arbitrary PHP files and...

0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 6:18 a.m.41 views

CVE-2026-9546 sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

0.00652EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/03 6:18 a.m.7 views

EUVD-2026-41494

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

6AI score0.00652EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 6:18 a.m.3 views

CVE-2026-9546 sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS6.1AI score0.00652EPSS
Exploits1References5
NVD
NVD
added 2026/06/23 5:17 p.m.12 views

CVE-2026-55423

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...

6.1CVSS0.00152EPSS
Exploits1References3
OSV
OSV
added 2026/06/23 4:27 p.m.3 views

CVE-2026-55423 Langflow: Logout button does not clear session

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.7.0, the logout button does not clear the session. The previous user stays logged in unless another user explicitly logs in. This vulnerability is fixed in 1.7.0...

6.1CVSS5.9AI score0.00152EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-47261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ...

7.5CVSS6AI score0.00357EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/12 12:31 a.m.9 views

EUVD-2026-36329

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.5AI score0.00246EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 11:5 p.m.37 views

CVE-2026-46432

CVE-2026-46432 (LMDeploy) affects lmdeploy

7.8CVSS6.2AI score0.00142EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/08 12:0 a.m.7 views

CVE-2026-41720: Authentication Bypass with Empty Password in Spring LDAP

Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. RFC 4513 Section 5.1.2 defines this as an unauthenticated bind. On LDAP servers that permit such binds, an attacker with a valid usernam...

7.4CVSS5.8AI score0.00257EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/04 11:5 p.m.9 views

CVE-2026-11206

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.3AI score0.00229EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

SAMSUNG rLottie 安全漏洞

SAMSUNG rLottie is a platform-independent C++ library developed by Samsung Electronics of South Korea. It is used for real-time rendering of vector-based animations and art. A previous version of SAMSUNG rLottie had a security vulnerability caused by uncontrolled recursion, which could lead to th...

6.1CVSS5.3AI score0.00103EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 4:8 p.m.22 views

CVE-2026-40713

CVE-2026-40713 concerns Dell ThinOS 10, specifically versions prior to ThinOS10_2602_10.0765, with an improper access control vulnerability. The vulnerability allows an unauthenticated attacker who has physical access to potentially cause information exposure. The available documents do not provi...

6.1CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/01 4:53 p.m.42 views

CVE-2026-45282

This CVE affects Nextcloud Server versions 32.0.0–32.0.8 and 33.0.0–33.0.2, where an authenticated attacker can access attachments of link shares using a valid share token and a known documentId, bypassing password protection or download restrictions. The vulnerability enables access to attachmen...

6.5CVSS5.7AI score0.00294EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

GitButler 代码注入漏洞

GitButler is an open-source modern Git version control interface that supports AI workflows. Versions of GitButler prior to 0.19.7 contained a code injection vulnerability. This vulnerability could allow arbitrary scripts to execute in the Tauri webview due to the malicious links present in the...

9.3CVSS6.1AI score0.00515EPSS
Exploits0References2
Rows per page
Query Builder